-
In a recent draft response to NIST regarding the Executive Order, OpenSSF (Linux Foundation) had an initial statement from David Wheeler that they would pay to write SPDX plugins. SPDX is over ten yea…
-
there is a repo https://github.com/CycloneDX/sbom-examples
it hosts example output of this project as https://github.com/CycloneDX/sbom-examples/tree/master/laravel-7.12.0
there's a demo project f…
-
### Background
The [OSV schema](https://tinyurl.com/vuln-json) has been [adopted by Go, OSV, Python, Rust, and UVI](https://github.com/google/osv#current-data-sources) to describe vulnerabilities i…
-
Hi there!
I'm trying to emit a CycloneDX SBOM in trailofbits/pip-audit#109, **including** vulnerability information via the `Vulnerability` model. Everything works swimmingly when I serialize to XM…
-
There is not a definitive endpoint path within the specification other than the [examples annex](https://github.com/oasis-tcs/openc2-impl-https/blob/master/open-impl-https.md#annex-b-examples) of `/op…
-
The `mediaType` field is present in the artifact manifest spec, presumably copied over from the OCI image manifest or image index specs. According to those specs, it's a field that is kept around for …
-
This is a work item for EPIC https://github.com/AdoptOpenJDK/openjdk-build/issues/2522.
The aim being to "prototype" an initial attempt at being able to "recreate" an Adopt build based on specifying …
-
### `brew gist-logs ` link OR `brew config` AND `brew doctor` output
```shell
HOMEBREW_VERSION: 3.5.10-49-gb2ddb34
ORIGIN: https://github.com/Homebrew/brew
HEAD: b2ddb341a0489834dbbfcb57544d87c4…
```
-
Given robust product identification is an important factor for consumers of Security Advisories (SAs) this proposal shall offer other optional properties to the Full Product Name type (`full_product_n…
-
... let us make a real version 2.0! There are tools that can go from XML to JSON schema and back again (mostly) so hopefully we bring more to the table with the new major version than just offering J…