-
**Description**
We (w/@dentrax) thought that there are no SBOM files generated and signed for both `cosign` and `cosigned` projects, so we're proposing to generate, sign them right after generatin…
-
**What would you like to be added**:
We are using grype but our generated SBOM files are not always generated by Syft. We'd like to understand what is needed to accept this standard format.
**Why …
-
See e-mail from Steve Dower.
The only part we need to worry about right now is the Software Bill of Materials. See https://www.1eswiki.com/wiki/ADO_sbom_Generator for more details. This needs to be…
-
Is it on the roadmap to support the `install_dependencies` set in `setup.py`? It would mean fewer steps from project to bom.xml for projects that utilize a `setup.py` file.
-
The proposal is to publish SBOM (“Software Bill of Materials”) artifacts for goreleaser as part of each release.
e.g.: https://github.com/CycloneDX/cyclonedx-gomod#goreleaser-
https://github.com/…
-
**Describe the Feature**
Rather than generate SBoM for the whole container image, generate it for a specific layer.
**Use Cases**
- This feature will be useful in generating SBoMs for each contai…
-
**Bug description**
I'm trying to use the item pipes to transfer from one chest to another one and I can't make the pipe on the first chest to expel items going into the mod config in game don't reso…
-
Hey!
I'd like to know how to declare the license for external dependencies, which are not part of the project repository itself but still part of the compiled binaries (e.g. dependencies defined vi…
-
## Summary
I tried to run an app created in .net with spdx-sbom-generator, but I get "panic: runtime error".
## Background
1. Download spdx-sbom-generator-v0.0.10-windows-amd64
2. Launch the c…
-
see https://cyclonedx.org/use-cases/#dependency-graph