-
**What would you like to be added**:
SBOM formats such as CycloneDX and SPDX support including the full text of a license with a component. It would be great if syft could extract this information wh…
-
### Description
Running scancode.io on https://registry.npmjs.org/tx2/-/tx2-1.0.5.tgz does not find the copyright from the LICENSE file:
Expected finding:
`Copyright (c) 2077 PM2`
Result is (s…
-
We routinely run Black Duck scans on our product to identify vulnerabilities or issues, whether they originate from third-party components or our own codebase. After upgrading to .NET 8 and using the …
-
### Discussed in https://github.com/mercedes-benz/sechub/discussions/2707
Originally posted by **gruenich** November 24, 2023
What do you think about supporting your customers with creating an…
-
The WTFPL is not recognized by some enterprise-level scanning tools (like [Mend](https://mend.io)) as an allowable license. I realize this is more likely than not an issue with my company's configurati…
-
Would be a great feature to open up this plugin so that more file types could be scanned, maybe configure which files from the UI in a similar way as the C++ (Community) plugin does.
**Source code…
-
First, essential topics to develop teaching materials for:
- [ ] git / GitHub
- [x] OS licensing
- [ ] reproducible open science
Ideas:
[Scanned Documents.pdf](https://github.com/gwu-libraries/OSPO…
-
**Project description**
The firmware analysis tool has been rewritten in Rust; according to https://github.com/ReFirmLabs/binwalk/issues/691, the first release will be created in the next days.
…
-
This repo is signed up as part of the KubeCon [Security Slam](https://events.linuxfoundation.org/kubecon-cloudnativecon-north-america/attend/experiences/#security-slam). I'm bringing to your attention…
-
In a recent scan of tika-parsers-1.28.5-sources.jar the text "under CDDL/LGPL dual license" was not detected as a choice of `cddl-1.0 OR lgpl-2.1-plus` but instead returned `unknown-license-reference`…