-
**Problem**
The SBOM community has identified multiple types of SBOM:
Software Bill of Materials (SBOM) -- the default of course
Software-as-a-Service Bill of Materials (SaaSBOM)
Hardware Bill o…
-
RKE2 images will be published to the rancher prime registry and signed with cosign. Additionally, images are to include an SBOM manifest provided by docker buildx.
Build pipelines in the image-buil…
-
When we are generating an SBOM for Gradle projects, the SBOM is not generated. The command below executes while generating the SBOM,
Executing 'mvn org.cyclonedx:cyclonedx-maven-plugin:2.7.9:ma…
-
## Assessments results on discrepancy of SBOM ecosystem and some suggestions
### Background
As SBOMs can be widely used in software supply chain management, the capability and issues within S…
-
Currently, Syft is used to generate SBOMs. The fidelity of the resulting SBOM is very low. It does not contain provenance information of included dependencies. This information is typically included i…
-
Hi,
it seems the development activities for https://github.com/CycloneDX/cdxgen intensified in 2023 and are ongoing.
Is there a way to collaborate / align to use the benefits of CDXGen and join for…
-
## Goal
Create a reusable workflow for building Cilium's set of docker images and adjust each image build workflow to consume it.
### Context
In the `cilium/cilium` repository, we have the fo…
-
[BOM or SBOM (Software Bill of Materials)](https://en.wikipedia.org/wiki/Software_bill_of_materials) is becoming a fundamental piece to understand a project and its dependencies (i.e. check latest [E…
-
### Current behaviour
The SBOM creation sometimes fails with `Timeout waiting to lock buildSrc build lock. It is currently in use by another Gradle instance.`
### Expected behaviour
The SBOM c…
-
We aim to enhance the supply chain security of Jenkins X by adding SBOM generation to the release pipeline of each jx binary.
The current procedure for this is to include two important steps from the…