-
* Related #3550
This is mostly a placeholder for @anthonyharrison to fill in more details below (or replace this issue with his own when he's got time to write it out)
# cve-bin-tool: Improved T…
-
# Summary
Propose to switch the official image from an Alpine-based to a [wolfi](https://github.com/wolfi-dev/os)-based image.
Wolfi is a distroless OS by Chainguard. Similar to Google's distroless p…
-
@lfpratik
**Tool Version** Cloned code from main branch of https://github.com/spdx/spdx-sbom-generator on 11-06-2021 and built the tool
**Test Repo** https://github.com/lfpratik/spdx-poetry-demo
*…
-
**Describe the bug**
Discovered by [kurt-r2c](https://github.com/kurt-r2c) in original PR https://github.com/guacsec/guac/pull/896:
The CycloneDX specification as of 1.4 does not require the com…
-
# Trending repositories for C#
1. [**space-wizards / space-station-14**](https://github.com/space-wizards/space-station-14)
__A multiplayer game about paranoia and chaos on a spac…
-
**Bug Description**
The code in the generator is generating an array of `copyrightText` entries, when the spec defines it as a free-form text field:
(See: https://spdx.github.io/spdx-spec/v2-dra…
-
When we get a Mend-generated CycloneDX-formatted SBOM, we come across a field `email: "NO ASSERTION"` in the components part. When we try to validate these SBOMs, it causes trouble. Can we fix this No A…
-
This is a tracking issue for SLSA 1.0 support. Feel free to edit this ticket with issues related to supporting SLSA 1.0 requirements/spec.
-
## Summary
https://github.com/spdx/spdx-sbom-generator/blob/main/pkg/modules/javamaven/decoder.go#L173
The artifact hash should not be on the name of the module.
For example the artifact `com.g…
-
I will use this epic as a way to gather all the information related to this project
- Official CycloneDX tools center -> https://cyclonedx.org/tool-center/
- Fail to generate spdx file for packa…