-
To ensure the sbom.json we release is valid CycloneDX, we can use [cyclonedx-cli](https://github.com/CycloneDX/cyclonedx-cli) to validate it in our build system.
Another option is https://github.com/IB…
-
Picking up the question from https://github.com/anchore/syft/pull/2131#issuecomment-1719529908:
The CycloneDX contains this metadata when using it on a conan lockfile.
```json
"metadata": {
…
```
-
### Current Behavior
REST API method usage does not conform to the HTTP specification (https://www.rfc-editor.org/rfc/rfc9110).
Some examples:
| Method | RFC / best practices | this API | Hint |
|…
-
When attempting to convert a file twice in a row, the resulting file is blank. The file after the first conversion is not blank. This error occurs with SPDX and CycloneDX files.
What should happen:…
-
## Untracked attendees
- Fullname, Affiliation, (optional) GitHub username
- ...
## Meeting notices
- FINOS **Project leads** are responsible for observing the FINOS guidelines for [running proj…
-
When processing aggregate BOMs it's possible to encounter projects which would cause the resolution of dependencies for a component to differ, for example
- during the resolution process, with differ…
-
Just wondering if you have plans to implement support for Swift and Kotlin as well, to scan for vulnerabilities in mobile application SDKs.
-
This question is related to #12
We claim in our goals and purpose that there are barriers to SBOM adoption. We should be more clear about this.
Rather than just claim this is true, we should fin…
-
Happy path examples!
GET /package?purl={:purl}
Response:
```json
{
"ref": "https://.../package/?purl={:purl}",
"relatedVersions": [
"1.2.3"
],
"vulnerabilities": [
…
```
-
# Add `anchore/syft`
We want to add `anchore/syft` because...
- it works consistently across Windows, Mac, and Linux.
- `syft` is a CLI tool from Anchore for generating SBOMs from a container o…