-
We need an automated method for evaluating the "completeness" of SBOMs which can be incorporated into a pipeline.
The following tools have quality checks:
- [sbomqs](https://github.com/interlynk-io/sb…
-
As a user and creator of the Stackable SBOMs I'd like to know what their quality is.
```[tasklist]
- [ ] Evaluate https://github.com/eBay/sbom-scorecard
- [ ] Evaluate https://github.com/interlynk-io…
```
-
### Parent Issue
_No response_
### Task
We need to automate the generation of Software Bill of Materials (SBOM) using GitHub Actions. This automation should ensure that a new SBOM is generate…
-
CISA's [Framing Document Third Edition](https://docs.google.com/document/d/1uddfhPqflTOeYK7ZJjS4gGa8pspwez6mhJUjTrvu4J4/edit) is under community review and suggests SBOM fields described as
- Minimum…
-
Tracker for `Container Image with Python application`.
Work to be carried out in https://github.com/CISA-SBOM-Community/SBOM-Generation/pull/4
## Todo
- [x] Decide on tool for Container SBOM …
-
In the GitHub release workflow, we have an Anchore SBOM Action that doesn't seem to be used further.
The SBOM that this action produces should be pushed to Docker Hub just like the Helm chart https:…
wkoot updated 2 months ago
-
# Challenge 4: Enhancing System Security in Response to Industry Breach
**As the CISO of Globoticket**, I want to implement rigorous security practices to ensure our systems are fortified against vul…
-
[Issue28](https://github.com/oasis-tcs/osim/issues/28) proposes we have a place to start defining terms.
[Issue29](https://github.com/oasis-tcs/osim/issues/29) proposes to define the term "software …
-
[OWASP SCVS](https://scvs.owasp.org/scvs/v2-software-bill-of-materials/) is formalizing verification requirements for SBOMs.
sbomqs rules to test SBOMs against, as well as output, should be aligned to mee…
-
### Ticket Contents
## Description
This has two aspects, the first one being more high level information such as the lines of code, contributors, dependencies, repositories, commits. An automate…