In a CycloneDX provide info on evidence/occurence

RetireJS / retire.js

scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.

https://retirejs.github.io/retire.js/

Other

3.66k stars 414 forks source link

In a CycloneDX provide info on evidence/occurence #439

Closed tschroeder13 closed 3 months ago

tschroeder13 commented 3 months ago

Is your feature request related to a problem? Please describe. I use retireJS to scan an application's filesystem for JS files (not installed be any package manager), what works well. I'm missing an information where the file is located in FS.

Describe the solution you'd like Provide info in Component - Evidence - Occurence within CycloneDX

Describe alternatives you've considered n/a

Additional context n/a

eoftedal commented 3 months ago

Added as:

Component / Properties in CyclondeDX JSON 1.4
Component / Evidence / Occurences in new CycloneDX JSON 1.6 format --outputformat cyclonedxJSON1_6

eoftedal commented 3 months ago

Available in version 5.1.0