-
some analyzers do not like long PURLs - for unknown reasons.
see #90
see #224
see https://github.com/CycloneDX/cyclonedx-node-npm/discussions/280
Therefore, a CLI switch to drop all PURL qual…
-
One of the open questions at the bottom of the README asks:
> Should we preference towards purls or CPEs? Both?
After considering this question and doing some related (but not definitive) resear…
-
Prepare a list of PURLs that may be not fixing any vulnerability or not vulnerable to anything.
-
```yaml
policy: |
pattern not-affected = cyclonedx::component-purls | lang::map | osv::from-purl | openvex::from-osv | list::none
name: vulnerabilities::not-affected
```
-
The call to see the differences between URI and identifier:
https://data.agroportal.lirmm.fr/submissions?&display=identifier,URI&display_links=false&display_context=false
-
First: a nice and very helpful project. Thanks for that.
The Subject: I have a .spdx (tagged, not json) with multiple packages. The first one is quite large (>200k lines) and doesn't have PURLs. Fo…
-
# Description
If a permalink is available for a resource, the permalink should be used instead of the non-permalink in URI values.
# Done Looks Like
- [ ] URIs use permalink values when available
# …
-
**What would you like to be added**:
More reusable primitives when syft is used as a library. This would be able to do at least the following tasks:
- get source objects from descriptions + confi…
-
https://github.com/nexB/purl2cpe and https://github.com/sbs2001/purl2cpe have long been using this name. Please try to find another name for your project to avoid confusion, even if the purpose are si…
-
When scanning a CycloneDX file from https://github.com/CycloneDX/cyclonedx-rust-cargo no output is generated.
It would be nice, if the user is informed if the BOM has been scanned or not (for some…