-
We are using this library in `auditjs` to generate an SBOM to send to Nexus IQ Server.
We've run into an issue with a few libraries where the license is presented as something that isn't in your cu…
-
**Question**
I am running the ./update-and-run.sh script and failing with the following error:
kubernetes/tekton-resources/demo on main [!?] took 2s
❯ ./update-and-run.sh …
-
**What would you like to be added**:
Declaration of an official media type for Syft's JSON SBoM format.
**Why is this needed**:
Integration with the [Cloud Native Buildpacks](https://buildpac…
-
Hey Everyone!
I've been working on fleshing out relationship data for this SBOM generator:
https://github.com/anchore/syft
The question we've come across deals with Packages and how they relat…
-
see https://cyclonedx.org/use-cases/#dependency-graph
-
- [x] add CI/CT for all supported spec versions in the _reproducible_ examples
- [x] push example output to https://github.com/CycloneDX/sbom-examples
done via https://github.com/CycloneDX/sbom-e…
-
It appears, to be confirmed, that the SBOM validate tools are unable to handle large SBOMs (>1000 nodes).
![image](https://user-images.githubusercontent.com/54693931/122954641-7800a380-d334-11eb-8a…
-
To support [Notary v2 requirements](https://github.com/notaryproject/requirements#goals) for multiple signatures that don't change the artifact digest or tag, we must support new artifacts that link t…
-
I tried out this tool on an open source repo I maintain called `cosign`. The repo is here: https://github.com/sigstore/cosign
I ran the tool at cosign commit `749c7e3e5d80f3fa976f31084317a556718c3e…
-
Thanks for creating the JSON Schema variant of the vulnerability extension. This prompted me to take a run at describing some real world data using the format. Here's the full example https://gist.git…