CISA-SBOM-Community / SBOM-Generation

Reference GitHub Workflows for SBOM generation from the CISA SBOM Generation Reference Implementation Tiger Team
Apache License 2.0

[Discussion] How is vexctl doing merging? #18

Open idunbarh opened 1 month ago

idunbarh commented 1 month ago

The question was asked last week and @puerco is probably best to answer.

djmoch commented 3 weeks ago

@idunbarh Is this question intended to tease out how we might achieve merging more generally (vis-à-vis SBOMs)? Or are we looking to merge vulnerability data into SBOMs as part of the study? The consensus in the August 20 working meeting was that we don't think the latter is in scope.

idunbarh commented 5 days ago

Sorry for the delayed response. It was intended to see more generally how others are handling merging (not to bring vulnerability handling in scope).

We'll be seeing @puerco in person this week at sbom-a-rama. We can bring this up.