-
Hipcheck today effectively produces three artifacts with each release, each of which should have an SBOM:
- [ ] Hipcheck Docker image published to Docker Hub
Of these, the binaries are probably …
-
Please add FOSS disclosure for your container release.
Julian Schregle [julian.schregle@mercedes-benz.com](mailto:julian.schregle@mercedes-benz.com), Mercedes-Benz Tech Innovation GmbH, [legal info…
-
### Current Behavior
I collected the SBOM of all rpm packages in the CentOS system through the syft (https://github.com/anchore/syft) tool; the format of the SBOM file is cyclonedx-json. Then I upload…
-
### Current Behavior
Uploading sboms generated with trivy 0.53 for SLES 12.5 and 15.x can't be scanned by the trivy analyzer, because the OS is not detected by trivy, trivy 0.53 server log:
```
INF…
```
-
There was a [USA Cybersecurity Executive Order issued in 2021](https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/) that re…
-
### Current Behavior
### Steps to Reproduce
1. One of the ways this can be caused is through an SBOM update. The Attributed date is updated but the vulnerability stays the same. I also not…
-
### Current Behavior
Hi,
Our process makes daily scans of all our projects, creates the SBOM and loads it to Dependency Track. Unfortunately, for some projects we are getting errors like this:
`ER…
-
### Current Behavior
Generate an SBOM of a docker image using syft:
`syft packages mcr.microsoft.com/oss/kubernetes-csi/csi-resizer:v.1.1.0 -o cyclonedx-json > test.json`
This will result in an SBO…
-
CISA's [Framing Document Third Edition](https://docs.google.com/document/d/1uddfhPqflTOeYK7ZJjS4gGa8pspwez6mhJUjTrvu4J4/edit) is under community review and suggests SBOM fields described as
- Minimum…
-
### Current Behavior
In Debian, the perl executable is contained in the package `perl-base`, and not `perl` - cf https://packages.debian.org/bookworm/amd64/perl-base/filelist
Since most of the ti…