-
pip uses a project called "vendoring"; it should be fairly straightforward to add SBOM generation to a project like this, especially because the results live in the source tree (rather than being gathe…
-
### Description
@terriko requested I open a new bug report:
in v3.4 of this tool when the micro-ecc version is set at 1 in the SBOM CSV file (because Excel keeps changing 1.0 to 1 before the CSV i…
tzirn updated
3 weeks ago
-
### Check existing issues
- [X] I have [checked for existing issues](https://github.com/Esri/calcite-design-system/issues) to avoid duplicates
### Actual Behavior
Calcite includes two dependencies …
-
Since SBOMs become more and more important and prominent to describe what exactly has been used to build the software and was finally packaged into the software product, it should be possible to handl…
-
As already described in https://github.com/firecow/gitlab-ci-local/issues/1026.
It seems that the rsync command which is executed by gcl is not 100% working under Windows Git Bash.
I can run "gcl…
-
**Is your feature request related to a problem? Please describe.**
Mostly, an auto-generated SBOM can only be as good as the metadata provided by the project / packages. As such it might be unfair to …
-
When I try to scan locally built Docker images with the Docker Scout _GUI_, then I get a security report.
However, when I use the Docker Scout CLI, then it crashes with a strange error trace. I think…
-
### **Proposal: Integrating SBOM and Attestations with Backstage through a Chainloop Extension**
### Context:
I recently developed a version matrix plugin for Backstage that presents package listing…
-
### Description
The LICENSE.md file is missing in the released packages and is not shipped.
This prevents SBOM generation tools from collecting evidence for Copyright or Original Licenses.
###…
-
[As of now](https://github.com/CycloneDX/cyclonedx-rust-cargo/blob/7596551f4caeb368e500c501b5a28f80d5347aa0/cargo-cyclonedx/src/generator.rs#L251-L252), cargo-cyclonedx explicitly creates sub-componen…