-
Currently, `product_identification_helper` allows a purl to be defined as a single item:
```json
"purl": {
"title": "package URL representation",
"description": "The package URL (purl) attri…
```
-
## Description:
sbomqs currently lacks a vulnerability scanner, which is essential for identifying potential security risks in the software components. Integrating a Trivy vulnerability scanner can…
-
This issue aims to track work on migration from `yarn-classic` to `modern yarn`
(**Spoiler:** we finally decided to go with `npm`)
This is part of https://github.com/eclipse-leshan/leshan/issu…
-
## Summary
SPDX SBOM doesn't work for Java Gradle projects. Though the projects are able to build fine locally, when I run the spdx-sbom-generator, it gives out a dependency error sometimes or fail…
-
This issue lists Renovate updates and detected dependencies. Read the [Dependency Dashboard](https://docs.renovatebot.com/key-concepts/dashboard/) docs to learn more.
## Config Migration Needed
- […
-
### Description
It would be very useful to generate SBOM with purl entries through [purl2cpe](https://github.com/scanoss/purl2cpe) which is licensed under MIT. My basic idea would be to fill purl e…
-
### Feature request
When using a `go_repository`, the repository rule knows the origin and precise version information of the third party repo being loaded. However, because this information is not…
-
# Trending repositories for C#
1. [**space-wizards / space-station-14**](https://github.com/space-wizards/space-station-14)
__A multiplayer game about paranoia and chaos on a spac…
-
## Summary
Got error message `Unable to fetch package details` when I try to generate the SBOM. The error has no more details or verbose log, I have no idea what's happening or what's required to m…
-
Hi guys,
When I scan a Rust (cargo) repository (e.g. https://github.com/rust-lang/rustlings), the sbom file result contains these purls:
```
pkg:cargo//ryu@1.0.17#
pkg:cargo//which@6.0.1#
pkg:cargo…