Open smlambert opened 2 years ago
@smlambert feel free to ask me anything on the CycloneDX Slack if you have any questions about CycloneDX.
I'll take point on the investigation to start
@spoole167 extensions are problematic due to limitations in JSON and protobuf. Custom properties are recommended as a lightweight way to extend the core spec for specific use cases without using an extension. They can be applied at the top level metadata, component, or service levels.
We have an official, namespaced, custom property taxonomy registry.
For example, there is the option to register an `adoptium` namespace that is managed by the Adoptium project. It could then go further and define an `adoptium:temurin` namespace, or whatever makes sense.
https://github.com/CycloneDX/cyclonedx-property-taxonomy
Let me know if you have any questions. Happy to have a chat about it.
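As an added illustration (not code from this thread or from the CycloneDX or Adoptium projects), the sketch below walks a CycloneDX JSON document, collects the `properties` name/value pairs at the metadata, component and service levels, and reports any name that falls outside a chosen namespace. The BOM is constructed sample data, and the `adoptium:temurin:*` property names in it are hypothetical, since the thread only proposes the namespace itself.

```python
import json

# Constructed sample BOM. The "adoptium:temurin:*" property names and values
# are hypothetical; the thread only proposes the namespace itself.
SAMPLE_BOM = json.loads("""
{
  "bomFormat": "CycloneDX", "specVersion": "1.4", "version": 1,
  "metadata": {"properties": [{"name": "adoptium:temurin:build-os", "value": "linux"}]},
  "components": [
    {
      "type": "application", "name": "example-jdk", "version": "0.0.0",
      "properties": [
        {"name": "adoptium:temurin:variant", "value": "example"},
        {"name": "buildOS", "value": "linux"}
      ]
    }
  ],
  "services": [
    {"name": "example-service",
     "properties": [{"name": "other:key", "value": "x"}]}
  ]
}
""")


def iter_properties(bom):
    """Yield (location, name, value) for properties at metadata, component and service level."""
    for p in bom.get("metadata", {}).get("properties", []):
        yield "metadata", p["name"], p.get("value")
    stack = [("components", c) for c in bom.get("components", [])]
    stack += [("services", s) for s in bom.get("services", [])]
    while stack:
        kind, item = stack.pop()
        for p in item.get("properties", []):
            yield f"{kind}/{item.get('name')}", p["name"], p.get("value")
        # Components and services can nest; walk the children as well.
        stack += [(kind, child) for child in item.get(kind, [])]


def outside_namespace(bom, namespace="adoptium"):
    """Return sorted (location, name) pairs whose name is not under `namespace:`."""
    prefix = namespace + ":"
    return sorted((loc, n) for loc, n, _ in iter_properties(bom)
                  if not n.startswith(prefix))
```

A check like this can run in a build pipeline so that un-namespaced or foreign-namespace property names are caught before an SBOM is published.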
@coderpatros hi - have been exploring and talking to some folk about CycloneDX. Would like to chat to you about some specifics.
@spoole167 happy to chat. You can message me on the OWASP or CycloneDX Slack (https://cyclonedx.org/slack/invite), or my email address is patrick.dwyer@owasp.org, and we can organise an online call.
Hi @coderpatros, I have a few questions regarding CycloneDX SBoM. I have sent you a message on Slack. Please check. Your help is much appreciated.
Now that we have a prototype (related: https://github.com/adoptium/temurin-build/issues/2594), we would like to investigate creating an extension via a popular/standard way of defining the same information: see https://cyclonedx.org/about/guiding-principles/