-
**What happened**:
Hi! 👋 I am leveraging the Syft Go library in my project to generate SBOMs. I'm wondering if there are any support expectations from maintainers around the library? Can I expect …
-
VEX is an emerging spec and tool set to ease the burden of determining vulnerability exploitation likelihood within components used during a build. OpenVEX is a community currently developing a spec,…
-
Really impressive what you have done so far. 👍
Unfortunately it seems like you are using brittle build and development chains including Docker and a vaguely formulated readme (For dev build instruct…
-
First: a nice and very helpful project. Thanks for that.
The Subject: I have a .spdx (tagged, not json) with multiple packages. The first one is quite large (>200k lines) and doesn't have PURLs. Fo…
-
## Feature Request
Those who know me a little already know that I've tried in the past to include a **manifest** into the official BOX project.
Even if this feature is not available, a fork with patc…
-
The model defines a Payload interface, indicating that it can include a single serialized element, as well as multiple elements serialized together. The model diagram includes a few examples, but is …
-
Gitlab has recently started generating [attestations for build artifacts](https://docs.gitlab.com/ee/ci/runners/configure_runners.html#artifact-attestation). The attestation format is the standard int…
-
**What happened**:
```
~ kind create cluster
Creating cluster "kind" ...
✓ Ensuring node image (kindest/node:v1.25.3) 🖼
✓ Preparing nodes 📦
✓ Writing configuration 📜
✗ Starting c…
-
## Background
I see you are shipping vendored dependencies here: https://github.com/digininja/DVWA/tree/master/external
I suppose there is a lot of other code that is bundled/vendored with this proj…
-
## Description
`trivy sbom` appears to rely on the presence of a [`SourcePackagePrefix`](https://github.com/aquasecurity/trivy/blob/3165c376e229d2c6e1a0d905b1fcd36701ebac12/pkg/sbom/spdx/marshal.go…