-
Hi,
according to the documentation: `This operator scans all SBOMs from a git-repository for vulnerabilities using Grype`
The **sbom-operator** could generate a SBOM and store it into an OCI-Regis…
-
**Question**
I use passkeys to identify orgs and users when they sign in to a golang system that I am working on.
The system produces artifacts into their GitHub or other git servers. These ar…
-
### Description
The /events/ endpoint has an until parameter that according to the [docs](https://docs.docker.com/reference/api/engine/version/v1.47/#tag/System/operation/SystemEvents)
> Show event…
-
### Description
I installed Docker and Docker Desktop when my local Mac account was an admin. Now, because of tightening security policies at work, my account is _not_ an admin, though I have a sep…
-
I'm currently working on generating SBOM for a Yocto-based embedded distribution and I'd like to use dependency-track. I have a semi-working solution to get my SBOM into dependency track but it's not …
-
The current npm JSON parser implements JSON reading using `ioutil.ReadJson`, which is deprecated. Plus, some considerations with the `package-json.lock` file are not supported.
See https://github.com/ope…
-
I detected some issues that should be addressed.
-
This issue is to suggest a `github-release` purl type, discuss the motivation, and list some possible alternatives.
### Motivation
At GitHub we're working on [some improvements to GitHub Releases](h…
-
Could be more than one asc for each SBOM.
I'm thinking another path in the bucket, associated by id?
-
## current state
CycloneDX allows describing components, and the dependency graph.
Each component can have exactly one version, no version range.
Components can be connected in a dependency grap…