-
As check + periodic-daily job.
-
Sorry if I overlooked something obvious, but I miss a way to specify a `source` archive URL for a component, as a logical counterpart to the `distribution` type.
Many ecosystems have the concept of a…
-
Hello, I seem to have stumbled upon something which I am not sure is expected behaviour or maybe my misunderstanding. I have tried to put everything together here. …
-
**Description**
This ticket is created to track the enhancement for running the analysis given an SBOM.
At the moment, Macaron needs to have the git URL of the main repo or the config file as an ent…
-
When using `chown` or similar in melange, I would expect the changes to make it into the tar file, but this doesn't seem to be the case.
For example, with this melange file:
```
package:
  nam…
```
-
As per a recent discussion with @sebasgomez238 on the sbom-tool repository, it is confirmed that we don't want to display information from within the SPDX file. SBOMs are representative of an individual pie…
-
To properly support V24 the SBOM must include not only Maven dependencies but also NPM dependencies coming from web components.
[CycloneDX](https://cyclonedx.org/) is currently used to generate the…
-
### What Happened?
❌ Exiting due to K8S_INSTALL_FAILED: Failed to update cluster: updating control plane: downloading binaries: downloading kubelet: download failed: https://dl.k8s.io/release/v1.27.…
-
While using the package v53.2.0, I was trying to fetch [SBOM for a repository](https://docs.github.com/en/rest/dependency-graph/sboms?apiVersion=2022-11-28#export-a-software-bill-of-materials-sbom-for-…
-
For this Docker Scout code snippet, I am facing the error mentioned below.
```
- name: Docker Scout for image vulnerabilities
  id: docker-scout
  uses: docker/scout-action@v0.18.1
  …
```