-
Inspired by [the CBOM Comments](https://github.com/Santandersecurityresearch/cryptoinventory.datamodel?tab=readme-ov-file#cbom-comments) regarding serial number:
Instead of using the `serialNumber`…
-
Can you please clarify if there is a specific query that is used for SARIF file generation, or if this would be enough:
```bash
codeql database create java-db --language=java
codeql database analyze ja…
```
shafr updated
1 month ago
-
### Current Behavior
Dependency-Track tracks "Classifier" for both project and component. Classifier in Dependency-Track is based on the CycloneDX component "type".
In v4.12.1, DT supports the followin…
-
## Feature Request
### Description of Problem:
In the October schema, we have introduced the concept of control requirements (a JSON schema following the `control-requirement` base schema). The …
-
Command run to get *Python CBOM*:
`node /opt/cdxgen/bin/cdxgen.js -t python --include-crypto -o bom.json .`
Output:
![image](https://github.com/CycloneDX/cdxgen/assets/57455619/73b0ad30-cdb6-4603-ae…
-
**Problem**
The SBOM community has identified multiple types of SBOM:
Software Bill of Materials (SBOM) -- the default of course
Software-as-a-Service Bill of Materials (SaaSBOM)
Hardware Bill o…
-
### Current Behavior
Currently, Dependency-Track does not support cryptographic assets.
### Proposed Behavior
Add support for cryptographic assets and their dependencies once CycloneDX v1.6 is rele…
-
In the cbom.json, instead of reporting the specific line of the finding, I get multiple lines:
```
"detectionContext": [
{
"additionalContext": "from hashlib import md5",
"file…
```
-
**Library Version:** `7.6.1`
**Description:**
**Steps to Reproduce:**
1. Use the example JSON provided in the [CycloneDX bom-examples repository](https://github.com/CycloneDX/bom-examples/blob/c0436…
-
If cryptographic values are interdependent, the “internal” cryptographic references should be used to define these relationships.
### Example:
If a `key` depends on an `algorithm`, use the `cry…