-
**Is your enhancement request related to a problem? Please describe.**
DejaCode allows loading packages associated with a product from an SBOM. A modern SBOM that fulfills requirements such as [BSI T…
-
### Discussed in https://github.com/dcm4che/dcm4che/discussions/1415
Originally posted by **jssuttles** April 2, 2024
Here are bomber (https://github.com/devops-kung-fu/bomber) results genera…
-
# Bug report
### Bug description:
The SPDX SBOM shown does not meet NTIA minimum requirements; there is no creation info.
NTIA Minimum Info Requirements:
https://www.ntia.gov/sites/default/f…
-
This is really not an issue specific to this tool, but in case the tool were to implement a way of doing this, it would be a great contribution to the versatility of both CDX and SPDX files.
We have t…
-
The TC received a [comment via its mailing list](https://lists.oasis-open.org/archives/csaf-comment/202402/msg00004.html):
> Additionally, I'd like to propose a standardized format for referencing …
-
### Ticket Contents
## Description
This has two aspects, the first one being more high level information such as the lines of code, contributors, dependencies, repositories, commits. An automate…
-
### Description of the feature request:
Bazel binaries must eventually come with an SBOM. We should be building that as part of the build itself.
### What underlying problem are you trying to so…
-
Hello there,
We use bomber pretty extensively when reviewing open source packages and other software that are in my company's environment. I was reviewing the open source package [eslint](https://git…
-
## Description
Syft offers the following two flags which could be useful for populating metadata on how an SBOM was generated
```
--source-name string set the name of…
```
-
backport https://github.com/longhorn/longhorn/issues/5099