-
I saw that the packages mention `io.github.csaf.sbom.*`. However, if I remember correctly, we only own the namespace `io.github.csaf-sbom.*` as https://github.com/csaf was already taken.
What am I mi…
-
## Description
`mvn` handles `modules` separately.
Trivy uses the same logic:
https://github.com/aquasecurity/trivy/blob/57e24aa85382f749df7f673e241caaf3fcbb45cb/pkg/dependency/parser/java/pom/parse.go#L…
-
### Issue Description
SBOM flags are not respected when running the `podman build` command.
Meanwhile, the SBOM options fail on wrong input.
Builds were made inside the container `quay.io/containers/podman:v5`
…
-
You will need to create a SBOM for each version of Python which the package supports, as the dependencies will vary depending on the release of Python. There are also differences between different suppo…
-
-
Just like https://github.com/Xpra-org/xpra/issues/4050
-
-
### What is it?
Using the SBOM data, we need to create consistent logic for deriving the `artifact_name` and `artifact_namespace` for a package **and** linking it to the project / GitHub repo that ow…
-
In reference to https://github.com/dotnet/dotnet-docker/issues/5973
We (.NET Team) have been working closely with Canonical on Chiseled images:
- https://devblogs.microsoft.com/dotnet/announcing-dot…
-
Would it make sense to survey and recommend libraries for generating SBOM metadata for Python packages as part of this project?
Full disclosure: I'll actually need to add SBOM support to my current…