-
### Describe the bug
Validation error reported from the SPDX online validator
https://www.python.org/ftp/python/3.12.2/Python-3.12.2.tgz.spdx.json
Analysis exception processing SPDX file: Duplicat…
-
**What would you like to be added**:
We are using a SPDX "user defined license references" (aka LicenseRef), which are not defined by a standard SPDX license identifier. When we let grant check the…
-
When using trivy to scan the image, I got some vulnerabilities,
but using this sbom tool to generate .\_manifest\spdx_2.2\manifest.spdx.json, then running trivy sbom .\_manifest\spdx_2.2\manifest.spdx.json
re…
-
You will need to create a SBOM for each version of Python which the package supports as the dependencies will vary depending on the release of Python. There are also differences between different suppo…
-
**What happened**:
export SYFT_FILE_METADATA_SELECTION="all"
syft scan "${REPO_PATH}" -o cyclonedx-json > sbom.json
syft scan "${REPO_PATH}" -o spdx-json > sbom.json
**What you expected to hap…
-
**Describe the issue**
In the generated SBOM file:
https://github.com/FreeRTOS/FreeRTOS-Kernel/blob/V11.1.0/sbom.spdx#L15
is the URL: https://github.com/FreeRTOS/FreeRTOS-Kernel/tree/v11.1.0
whi…
-
## Summary
Support generating SPDX manifests and check them with the advisories database?
-
A JSON file containing raw newline characters does not produce an error.
I want a JSON file containing raw newline characters to trigger a parser error, but it does not.
While the JSON parser do…
-
The REUSE tool currently generates a SPDX software bill of materials only in the SPDX-2.1 format. As an example, [I attached the output](https://github.com/fsfe/reuse-tool/files/6849366/reuse.spdx.txt…
-
## Background
- SBOM Tool currently only supports SPDX 2.2.
- New version (2.0.0) of Germany [**BSI TR-03183 Part 2 SBOM**](https://www.bsi.bund.de/EN/Themen/Unternehmen-und-Organisationen/Stand…