-
I can see that SBOMs are generated by `make oci-build-manager` in trust-manager. It looks like these would be helpful to publish in releases, and it shouldn't be hard to add them to GitHub releases.
…
-
**What happened**:
Generated SPDX is invalid, mandatory copyright text is missing
**What you expected to happen**:
SPDX should be valid
**Steps to reproduce the issue**:
```
syft docke…
```
-
Given the technology is growing into the level of tens of thousands of repositories, we should have a better way to scale the ingestion of that information.
SBoMs are files that (ideally) contain all…
-
**What happened**:
Trivy tool had the same issue which was [raised here](https://github.com/aquasecurity/trivy/discussions/5984).
We are using syft to generate SBOMs for our Dart/Flutter project…
-
There is a need to be able to attest to the transformation of SBOM information from one format to another, and carry this attestation with the SBOM generated (rather than as a side car/encapsulating e…
-
In SPDX 2.3 spec (https://spdx.github.io/spdx-spec/v2.3/how-to-use/#k21-us-executive-order-14028-minimum-elements-for-an-sbom) the table includes **SBOM Minimum Field**: Component Hash and according t…
-
Hey there,
I am working on AlmaLinux's SBOM generator, extending it so that our SBOMs contain NTIA's Minimum Elements. However, I've got a couple of questions regarding relationships in SPDX docume…
m10k updated
3 months ago
-
We can get this for free instead of doing the string manipulation we do now.
-
According to the documentation and output files, the format of the SPDX document is in version 2.2 ("spdxVersion": "SPDX-2.2")
However, according to the German Federal Office for Information Securi…
-
Hello,
The information at https://ko.build/features/sboms/ tells you to display the generated SBOM using `cosign download sbom` and while this works the tool (and the docs the command links to on t…
eest updated
2 months ago