-
Hi,
As mentioned on the gitter chat, I am prototyping a command line linter to scan environments for components that are by their end of life according to your wonderful database.
https://github…
-
Reading through the proposals, I believe that Proposal D is directionally the one that is best. I think this because it does not require changing the data model of registries which means that getting …
-
As part of the strategy to supply CycloneDX SBOM info for Adoptium binaries, this issue covers the initial task of creating a CycloneDX SBOM equivalent of the current binary metadata build-info.
Th…
-
- [x] Example for generating provenance and storing in ghcr.io (#390)
- [x] Examples of policy verification with [Kyverno](https://kyverno.io/) (#389)
- [ ] Examples of policy verification with [OPA…
-
The repository contains examples beyond just sbom - e.g. saasbom/vex etc. Should we consider renaming the repository?
-
**Is your feature request related to a problem? Please describe.**
It is not related to a problem. It is more like a feature request.
**Describe the solution you'd like**
There is a concept calle…
-
SPDX 2.2 SBOM wraps the actual SBOM data in a "Document" object which is non-standard:
```
{
"Document": {
"spdxVersion": "SPDX-2.2",
...
}
}
```
This needs to be r…
-
At the 14-Mar-2022 PACE project meeting, one participant made an assumption that the query language for PACE would be GraphQL. This issue is to open the discussion on the different possibilities and d…
-
First, apologies if I'm missing the obvious. I think there may be some test resource files that did not get checked into the source repository. For example, when running the test: `com.sourceauditor.s…
-
Define the Mapping logic from arbitrary input columns to standard attributecode columns