-
Currently, `product_identification_helper` allows a purl to be defined as a single item:
```json
"purl": {
  "title": "package URL representation",
  "description": "The package URL (purl) attri…
```
-
Expected Behavior
=================
➜ ~ slim build --target ghcr.io/cyclonedx/cdxgen:latest --tag ghcr.io/cyclonedx/cdxgen:slims --http-probe=true
cmd=build info=param.ht…
-
Feedback from @mrutkows: it would be valuable to call out explicitly putting a link to a BOM in `byproducts`. This is similar to #669 from @chitrangpatel that it's not clear where to put the build spe…
-
### Contributing guidelines
- [X] I've read the [contributing guidelines](https://github.com/docker/buildx/blob/master/.github/CONTRIBUTING.md) and wholeheartedly agree
### I've found a bug and …
-
**What would you like to be added**:
A Package Url from the docker image is missing in the generated SBOM.
Could you please provide the purl for the root component (metadata.component.purl)?
Here…
-
Also seeing this in #587
```
$ ci=ghcr.io/google/ko@sha256:8fa68c86562684f946e92086a6a4d1f17ee116fff32e157e68f96dbf948b0783
$ ko deps $ci --sbom=go.version-m
/ko-app/ko: go1.17.7
path github.c…
```
-
### Current Behavior
Cdxgen version 6.0.12 used to create a SBOM against that was ingested to Dependency Track v4.7.0
The component jQuery has version 3.2.1 but it is highlighted as risk: outdated…
-
Hi,
(Not sure if I'm right here, because it's a contributor question and I'm not so familiar with Go)
I would like to implement OpenBSD OpenSSH and portable OpenSSH binary detection with correct…
-
Hi,
after upgrading to the latest version of the operator, we've stumbled upon the following behaviour:
* vulnerability-report pods were spawned continuously
```sh
$ kubectl get pods
NAME…
```
-
### Description
I'm using the following in my project:
```yaml
develop:
  watch:
    - action: sync+restart
      path: ./cmd/interface
      target: /app/cmd/interface…
```