-
A working group that could create and curate CBOM (cryptography bill of material) for “important” OSS projects.
Ideally the resulting CBOM and process to create and update the CBOM would be submi…
-
Command run to get *Python CBOM*:
`node /opt/cdxgen/bin/cdxgen.js -t python --include-crypto -o bom.json .`
Output:
![image](https://github.com/CycloneDX/cdxgen/assets/57455619/73b0ad30-cdb6-4603-ae…
-
The specification used for [CBOMs](https://github.com/open-quantum-safe/liboqs/blob/main/docs/cbom.json) has been upstreamed to CycloneDX 1.6:
https://github.com/CycloneDX/specification/releases/tag/…
bhess updated
2 months ago
-
### Current Behavior
Currently, Dependency-Track does not support cryptographic assets.
### Proposed Behavior
Add support for cryptographic assets and their dependencies once CycloneDX v1.6 is rele…
-
In the cbom.json, instead of reporting the specific line of the finding, I get multiple lines:
```
"detectionContext": [
{
"additionalContext": "from hashlib import md5",
"file…
```
-
In the cdxgen update, a new function, mvn dependency:copy-dependencies, was added after the makeAggregateBom task. This addition has completely broken my pipelines because makeAggregateBom was working…
-
Seems there's a bug in case simplify? I'm using d5dfda20e063ce4c49f82555121ff95fafae1c76
```
➤ ../trunk-pmlc/bin/pmlc -Cbom.check-all=true fib-datatype.pml
***** Bogus BOM in Main after case-sim…
```
kavon updated
5 years ago
-
This issue is to track ~~#142~~ #165, the addition of the CBOM model from CycloneDX spec version 1.6.
See:
https://cyclonedx.org/docs/1.6/json/#components_items_cryptoProperties
https://cyclone…
-
From today's TAC call there is a need to develop a Project Security Governance/process working group to assist the TAC in its projects in establishing good security practices and bootstrapping vulnera…
-
As the Quantum Cryptography train moves at a faster pace, I think it prudent we rethink https://github.com/OWASP/ASVS/blob/master/5.0/en/0x14-V6-Cryptography.md to include Post Quantum Cryptography, t…