Closed sparrell closed 3 years ago
Hi Duncan,
Thanks for creating this. I know you had asked for it; I had dropped the ball! Can you provide samples apart from what I generate so I can have a wider corpus to test import of CycloneDX? CycloneDX JSON and XML, if possible, for each scenario below will be helpful.
Thanks
https://cyclonedx.org/#example-sbom has an example in both xml and JSON. There is a multilevel example at https://cyclonedx.org/ext/dependency-graph/. There are a bunch of other examples on that website. You might also want to look at https://github.com/CycloneDX/gh-node-module-generatebom.
iPhone, iTypo, iApologize
From: Vijay Sarvepalli notifications@github.com Sent: Sunday, September 20, 2020 12:35:27 PM To: CERTCC/SBOM SBOM@noreply.github.com Cc: duncan sfractal.com duncan@sfractal.com; Author author@noreply.github.com Subject: Re: [CERTCC/SBOM] Import CycloneDx request from sFractal (#3)
Hi Duncan,
I have been running some sample parsers on CycloneDX. There are a number of challenges in reliably parsing CycloneDX, both XML and JSON.
I am going to put this "on hold" for now, due to all these challenges.
Vijay
Thanks for trying. So I understand – you can still output CycloneDX xml & json but you can’t accept external input due to parsing issues. Correct?
Duncan Sparrell sFractal Consulting LLC iPhone, iTypo, iApologize I welcome VSRE emails. Learn more at http://vsre.info/
From: GitHub notifications@github.com Reply-To: CERTCC/SBOM reply@reply.github.com Date: Thursday, September 24, 2020 at 11:51 AM To: CERTCC/SBOM SBOM@noreply.github.com Cc: "duncan@sfractal.com" duncan@sfractal.com, Author author@noreply.github.com Subject: Re: [CERTCC/SBOM] Import CycloneDx request from sFractal (#3)
Yes, correct, Duncan. Parsing CycloneDX is put on hold for now as it involves quite a bit of development and a corpus of documents to test against. I believe these will both happen eventually; as demand increases, I can put in time or muster up resources internally to take this up.
Vijay
Cyclone DX JSON is available for output now.
Many build tools create CycloneDX SBOMs. Having an import-CycloneDx button (similar to import-spdx and import-excel) would save me typing them into the form or making a fake SBOM and using the hierarchy features.