-
### Current Behavior:
If a PHP Composer component has a version with a leading `v`, it is not handled properly:
- detection of newer versions fails if they have a leading `v` in them
- detection …
-
Does this application support generation of SPDX?
The other clients, that mentioned spdx supported, [scanner.py](https://github.com/scanoss/scanner.py) and [scanner.c](https://github.com/scanoss/sc…
-
I have been trying to figure this out. It looks like `oras.Pull()` returns the descriptor for each of the layers.
How do I use the library to extract the config? Looking at the [OCI spec for the m…
-
The set of analyzers will surface packages based on the small set of rules that each analyzer is coded to enforce. This may surface multiple packages from the same underlying source (e.g. python egg-i…
-
target: https://github.com/CycloneDX/sbom-examples/tree/master/laravel-7.12.0
- [ ] create new PR with latest examples
- [ ] close https://github.com/CycloneDX/sbom-examples/pull/11
-
Currently, the `func.yaml` file describes a Func project and it follows its own conventions and [schema](https://github.com/knative-sandbox/kn-plugin-func/blob/e918f74b9e177989ac520ae430dd5f232b393deb…
-
(Apologies in advance if this has already been discussed and resolved; if there are links to discussions where these have already been hashed out, I'm happy to go read those instead)
I've read throu…
-
Shouldn't https://github.com/oras-project/artifacts-spec/blob/1.0.0-draft.1/examples/net-monitor-oci-image.json have the `artifactType` field?
-
I strongly believe that the easiest way for a customer is not having to worry about version ranges. Nevertheless, I also understand the PSIRTs working hard to compile advisories to the best of their …
-
I'm opening this issue as a question, as the [readme](https://github.com/package-url/purl-spec/blob/master/README.rst) states purl is scoped to:
> A purl or package URL is an attempt to standardize…