-
**What would you like to be added**:
When pip packages are installed from non-default pip indices (PyPI), we should store the pip repository URL in the SBOM.
**Why is this needed**: useful to kn…
-
Checklist:
* [X] I've searched in the docs and FAQ for my answer: https://bit.ly/argocd-faq.
* [X] I've included steps to reproduce the bug.
* [X] I've pasted the output of `argocd version`.
…
-
This issue is to suggest a `github-release` purl type, discuss the motivation, and list some possible alternatives.
### Motivation
At GitHub we're working on [some improvements to GitHub Releases](h…
-
**What happened**:
I have a package-lock v3 file and have run npm install. I've verified all third-party packages are installed to the local node_modules folder. When running this I get a syft-json SB…
-
In recent SBOMs (not sure when that was added) the SBOM packages contain additional external CPE references of type "security" (also see: https://spdx.github.io/spdx-spec/v2.3/external-repository-iden…
ctron updated 1 month ago
-
Is there any method to get the dependency graph for a repo?
-
Running `mvn clean package` fails to resolve all dependencies.
```
Could not resolve dependencies for project org.cyclonedx.contrib.com.lmco.efoss.unix.sbom:linux-sbom-generator:jar:3.1.0-SNAPSHOT…
```
-
### Verification
- [X] This issue's title and/or description do not reference a single formula e.g. `brew install wget`. If they do, open an issue at https://github.com/Homebrew/homebrew-core/issues/…
-
**Expected behaviour**
[gh-sbom](https://github.com/advanced-security/gh-sbom) is the newest SBOM generator that can traverse the GitHub dependency tree to build an SBOM in CycloneDX or SPDX (JSO…
-
# SBOM basics write up
## Strategy and Steps to Create an SBOM Pilot Demo for the "volttron-core" Repository
### Significance of Using SBOM
A Software Bill of Materials (SBOM) is a comprehensi…