CycloneDX / specification
OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, and VEX
https://cyclonedx.org/
Apache License 2.0
335 stars
57 forks
issues
docs: revisit example urls in spec 1.6
#490
jkowalleck
closed
1 day ago
0
Update pom.xml
#489
jkowalleck
closed
1 day ago
0
[FEATURE]: bom-ref rename to bomRef
#486
sergiomarotco
closed
4 days ago
0
[FEATURE]: Adding Streebog hashing algorithm
#485
volkdm
opened
1 week ago
0
chore(deps): bump org.apache.maven.plugins:maven-surefire-plugin from 3.2.5 to 3.3.0 in /tools
#484
dependabot[bot]
closed
1 week ago
0
[FEATURE]: Validity period for attestations
#483
tixu
opened
1 week ago
0
tests: Adding 1.6 valid and invalid test files in the Java tests
#482
Nicolas-Peiffer
closed
1 week ago
0
[FEATURE]: EPSS Score on Vulnerability model
#481
mcombuechen
opened
2 weeks ago
3
tests: Update to cyclonedx-core-java-9.0.2 for test runners
#480
Nicolas-Peiffer
closed
1 week ago
1
[FEATURE] xml catalog for XSD
#479
Nicolas-Peiffer
opened
2 weeks ago
2
[WIP] 1.6 ecma
#478
jkowalleck
opened
2 weeks ago
0
[FEATURE]: Adding an XML Catalog file
#477
Nicolas-Peiffer
closed
2 weeks ago
5
issue451-streamline
#475
jkowalleck
closed
2 weeks ago
0
Resolve ambiguous definition of `serialNumber`
#474
mschusterbsi
opened
3 weeks ago
5
specVersion has no restrictions on value
#473
douglasdennis
closed
2 weeks ago
3
Request: Add component release/publish date to CycloneDX
#472
topiga
closed
3 weeks ago
3
character encoding in JSON BOMs
#469
gernot-h
opened
1 month ago
2
docs: annotate protobuf licenses
#468
jkowalleck
closed
4 weeks ago
1
chore(deps): bump json-schema-for-humans from 0.47 to 1.0.2 in /docgen/json
#467
dependabot[bot]
closed
4 weeks ago
1
Change component type so that it's not required or add a new type of unassigned
#466
pjdowner
opened
1 month ago
2
Misalignment in Protobuf Specification with Updated XML and JSON Schemas for LicenseChoice
#465
mtsfoni
closed
4 weeks ago
6
chore(deps): bump json-schema-for-humans from 0.47 to 1.0.1 in /docgen/json
#464
dependabot[bot]
closed
1 month ago
1
Add support for Blueprints
#463
stevespringett
opened
1 month ago
5
Add threat model capabilities to CycloneDX / TM-BOM
#462
stevespringett
opened
1 month ago
3
All required properties should have `"minLength": 1`
#461
Brcrwilliams
opened
1 month ago
1
Support for specifying how a vulnerability was matched against a component
#460
prabhu
opened
1 month ago
0
Support for evidence.licenses.confidence, methods
#459
prabhu
opened
1 month ago
3
chore(deps): bump json-schema-for-humans from 0.47 to 1.0.0 in /docgen/json
#458
dependabot[bot]
closed
1 month ago
1
Consider making `evidence.identity` mandatory
#457
prabhu
opened
1 month ago
1
xml/json 1.5 spec differences?
#456
divagant-martian
opened
1 month ago
3
licenses: allow mix of multiple SPDX expressions AND multiple named/spdx licenses
#454
jkowalleck
opened
1 month ago
0
Support for Hardware IDs
#453
prabhu
opened
2 months ago
3
Use defined domains for examples
#452
oej
closed
1 day ago
1
Fix(1.6spec): Fixed typo in componentEvidence description
#451
Petzys
closed
2 weeks ago
2
Support for ulid
#450
prabhu
opened
2 months ago
2
Recommend evidence for `compositions.aggregate`
#449
prabhu
opened
2 months ago
0
feat: express list of contributors of an element(component, ...)
#448
prabhu
opened
2 months ago
1
Add BOM-Link to component schema
#447
prabhu
opened
2 months ago
1
Improve documentation for BOM-Link externalReferences.type
#446
prabhu
opened
2 months ago
0
Add externalReferences.type = funding
#445
prabhu
closed
2 months ago
3
Clarify swhid in documentation
#444
prabhu
opened
2 months ago
0
Support for api-resolver as a technique
#443
prabhu
opened
2 months ago
0
Support for externalReferences.type source-archive
#442
prabhu
opened
2 months ago
0
Support for blob component type
#441
prabhu
opened
2 months ago
0
Support for dependency graph to better represent Software Heritage and OmniBOR ADG
#440
prabhu
opened
2 months ago
0
chore(deps): bump org.apache.commons:commons-text from 1.2 to 1.12.0 in /tools
#439
dependabot[bot]
closed
4 weeks ago
0
Consider making specVersion an integer with validations
#438
prabhu
opened
2 months ago
2
Evidence for `component.scope`
#437
prabhu
opened
2 months ago
0
`organizationalContact` enhancements
#436
prabhu
opened
2 months ago
0
Convert publisher from `string` to `organizationalContact`
#435
prabhu
opened
2 months ago
0