-
There is a concept of [SBOM](https://www.cisa.gov/sbom) that's implemented with [different standards](https://scribesecurity.com/sbom/standard-formats/#what-is-an-sbom-standard) and one of them is Cyc…
-
#### What would you like to be added:
Since the early days of [cosign](https://github.com/sigstore/cosign), attaching SBOMs to images has been a common pattern. Since `bom` can generate SBOMs of im…
-
`uv` is in a prime position to be able to emit an SBOM that reflects the state of the current `uv`-managed virtual environment.
[SBOM](https://www.cisa.gov/sbom) requirements supersede any existi…
-
**What would you like to be added**:
#726 brought initial support for generating SBOMs for NuGet packages 🎉 . One significant gap in the metadata in those SBOMs is license information. It'd be aweso…
-
With `docker`, we can save multiple images inside the same archive:
```shell
docker save img1:latest image2:latest > archive.tar
```
Currently, if an archive is generated like that, we get the follow…
-
**Feature request**
Some vulnerabilities are only present if a dependency is brought in directly exposed by direct dependency. In some cases, the vulnerability does not exist if the dependency is a…
-
## Description
We catch the limitation error in the AWS Inspector CLI command to scan SBOM files. Error log message:
`An error occurred (ValidationException) when calling the ScanSbom operation: In…
-
Hello, and thanks for the awesome CLI -- it's helping me merge up a bunch of SBOMs. However, I noticed that my SBOMs have duplicate components in them.
I think this would be fixed by the latest ve…
-
OCI has done a fair bit of work on defining a new referrers API that is used to associate metadata like SBOMs, signatures, and VEX to container images. The key piece of data needed to lookup that meta…
-
**What would you like to be added**:
cosign supports attaching SBOMs to OCI registries[^1] (also has a spec for it [^2]), so we (w/@dentrax) thought that it would be nice to have the same one for S…