-
## Summary
I should be able to run `spdx-sbom-generator` in a Cargo workspace.
## Background
I've just tried out `spdx-sbom-generator` in my project, but it fails as follows:
```
➜ spdx-s…
```
-
The current npm JSON parser implements JSON reading using `ioutil.ReadJson`, which is deprecated. Plus, some considerations with the `package-json.lock` file are not supported.
See https://github.com/ope…
-
The build stage of the pipeline generates SBOMs using this logic:
https://github.com/dotnet/docker-tools/blob/9791b1592829efbcd4da15a4aabed083b66615b7/eng/common/templates/jobs/build-images.yml#L12…
-
## Describe the Enhancement
I would like to see the SBOM generation reworked behind a new interface or abstraction. We had some limits imposed when this functionality was added because we didn't wa…
-
**Expected behaviour**
[gh-sbom](https://github.com/advanced-security/gh-sbom) is the newest SBOM generator that can traverse through GitHub dependency-tree to build an SBOM in CycloneDX or SPDX (JSO…
-
**Bug Description**
When I set the output type to cdx, the tool does not generate any output. In order to generate a CycloneDX BOM, I have to use -t all and then pull the .cdx files.
**Steps to…
-
Running `mvn clean package` fails to resolve all dependencies.
```
Could not resolve dependencies for project org.cyclonedx.contrib.com.lmco.efoss.unix.sbom:linux-sbom-generator:jar:3.1.0-SNAPSHOT…
```
-
- https://learn.microsoft.com/en-us/azure/security/container-secure-supply-chain/articles/attach-sbom
- https://oras.land/blog/oras-0.14-and-future/#attach-the-sbom-to-this-image
We can use the OR…
-
### Description
Add the ability to generate an SBOM without doing a cve scan of the components found. We could potentially make this work for other formats other than SBOM (such as an HTML report)…
-
### Ticket Contents
## Description
This has two aspects, the first one being more high level information such as the lines of code, contributors, dependencies, repositories, commits. An automate…