-
**Repo used for testing** https://github.com/mlehotskylf/sample-java-programs
Observed that duplicate Package details are displayed for modules in SPDX. PFA SPDX file for reference
[bom-Java-Maven…
-
**Description**
In order to read the SBoMs of previous layers, we need a method to read the JSON blobs formatted in the same way as they are generated. For this purpose, we create a "load" method in the…
-
## Terminal Stuff
* [x] `$ brew upgrade bat fzf git heroku hokusai hub macvim the_silver_searcher tmux yarn`
* [x] `$ replug`
* [x] `$ asdf update && asdf plugin-update --all && asdf reshim`
* [x] `$…
-
... let us make a real version 2.0! There are tools that can go from XML to JSON schema and back again (mostly) so hopefully we bring more to the table with the new major version than just offering J…
-
When generating an SBOM, a timestamp should be generated and added to the metadata element.
Example in JSON format:
```
{
"bomFormat": "CycloneDX",
"specVersion": "1.2",
"serialNumber": "u…
```
-
How do cve-bin-tool, clair, and trivy compare?
- https://github.com/tern-tools/tern#cve-bin-tool
- https://github.com/intel/cve-bin-tool
- https://github.com/coreos/clair
- https://github.com…