-
## Summary
SPDX SBOM Generator not working for Java Maven project
## Background
Provide context to the issue - provide steps to reproduce the behavior, such as:
1. Download spdx-sbom-gener…
-
It would be neat to generate apko YAML files from an SBOM, something like:
`syft packages alpine:latest --output cyclonedx-json | apko import -f cyclonedx > alpine-latest.yaml`
But it seems like…
-
Daggerboard installation method: docker
## Description
I uploaded the SPDX-DAGGERBOARD-1-0-SBOM-20-5-2022-23-40.spdx provided in this repository on daggerboard. The SBOM is correctly analyzed, …
-
### Requirement
To receive awards for compliance with CNCF best practices, Jaeger needs to implement SBOMs that will clear [this check](https://clomonitor.io/docs/topics/checks/#software-bill-of-ma…
-
### Current Behavior
Some commercial software vendors provide advisory information in CSAF 2.0 format. These include RedHat and Oracle, among others. There isn't currently a good way to identify vu…
-
**Is your feature request related to a problem? Please describe.**
As a user of the Thoth Adviser GitHub action, I would like to get a Software Bill Of Materials of my dependencies at the end of th…
-
Hi,
according to the documentation: `This operator scans all SBOMs from a git-repository for vulnerabilities using Grype`
The **sbom-operator** could generate a SBOM and store it into an OCI-Regis…
-
## Summary
I wanted to try out this tool and just ran it. It didn't produce any usable output and just threw a cryptic error.
```
INFO[2022-06-09T14:24:20Z] Starting to generate SPDX ... …
```
-
Currently, `product_identification_helper` allows a purl to be defined as a single item:
```json
"purl": {
  "title": "package URL representation",
  "description": "The package URL (purl) attri…
```
-
https://github.com/anchore/syft provides support for creating SBOM files for a wide variety of languages and frameworks, which might be worth exploring if and how it could help the https://github.com/…