-
## Description
`trivy image` outputs:
```
Examples:
...
# Generate a report in the CycloneDX format
$ trivy image --format cyclonedx --output result.cdx --security-checks none alpine:3.15
```
…
-
Hey folks!
I'm super new to the build-api operator, and I was poking around with it to understand it better.
Specifically - I'm trying to run a simple buildpacks-v3 build on OpenShift by following t…
-
I have an SBOM that only contains packages, setting FilesAnalyzed to false; this should be according to the standard.
Looking at the SBOM examples from SPDX, this example4 causes the same problem when t…
-
**Describe the solution you'd like**
ko[^1] is a simple, fast container image builder for Go applications.
It's ideal for use cases where your image contains a single Go application without any/…
-
Description: Apply best practices as defined by the Supply Chain Security WG's Best Practices guide as well as any additional practices as defined in the Secure Software Factory ref arch.
Impact: T…
-
When using the `--required-only` option, `cdxgen` uses `babel-parser` to find the imports in the source files as described at https://github.com/AppThreat/cdxgen#automatic-usage-detection
The probl…
-
When using `composite` actions, steps are defined in `action.yml` and we can have dependencies on other actions.
Currently dependencies aren't checked in `action.yml`.
-
```
syft convert sbom.syft.json -o cyclonedx-json=img.cdx.json
2022/07/11 10:59:36 error during command execution: unknown shorthand flag: 'o' in -o
```
It's an experimental feature.. just wanted to check if …
gm7y8 updated
2 years ago
-
Currently we are generating the SBOM files for the policy server binaries. To further improve our security and SSC, it's necessary to generate an SBOM file of the system where our binaries and conta…