-
The output (tv, yml, json, xml, and rdf) only appears to define relationships between top-level packages and their immediate dependencies but does not include higher-order dependencies, i.e. dependenci…
-
According to SPDX Specification v2.2 Section 3.14.1, licenses not included in the SPDX License List (https://spdx.org/licenses/) should be preceded by "LicenseRef-". I have a project whose generated S…
-
The algorithm listed in the PackageChecksum field states "SHA-1"; however, according to SPDX Specification v2.2 Section 3.10.4, the only valid algorithms for this field are SHA1, SHA224, SHA256, SHA38…
-
https://github.com/CycloneDX/cyclonedx-cli
https://github.com/opensbom-generator/spdx-sbom-generator
https://github.com/anchore/syft
https://github.com/anchore/grype
https://github.com/ter…
-
In version 0.3.8a2, it appears only Microsoft-.NET-Library licenses are included in the Extracted Licenses section. Should this include all licenses?
-
**Question**
Does the sbom generator work with C/C++ that is not package managed?
-
**Is your feature request related to a problem? Please describe.**
Compliance: add the BOM generation to the release builds
**Describe the solution you'd like**
See [ADA SBOM generator](https:/…
-
Hey everyone!
Laurent @laurentsimon and I presented about a reusable workflow + OIDC-based signing to achieve SLSA 3 in GitHub Actions at the last SLSA bi-weekly. We were hoping to migrate or donat…
asraa updated
2 years ago
-
Using the _all_ argument with the _--type_ option only outputs xml, yml, json, and tv but does not include rdf. This is probably because the _rdf_ option outputs reports with a .xml file extension. Wo…
-
**Bug Description**
ICICI from Meteonic has tried setting up the ws-sbom-generator and they are facing the issue presented in the attached screenshot.
**Screenshots**
If applicable, add scre…