chainloop-dev / chainloop

Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.
https://docs.chainloop.dev
Apache License 2.0

Add support for CSAF_* material types #635

Closed danlishka closed 5 months ago

danlishka commented 7 months ago

We currently support CSAF_VEX. This task aims to add support for other profiles.

migmartri commented 6 months ago

I think that the @bitnami team did some work with supporting CSAF in Go.

Do you know if this is true and if their work is available? cc/ @juan131

juan131 commented 6 months ago

Yes @migmartri

We did some contributions to https://github.com/csaf-poc/csaf_distribution

We also did some contributions to Trivy & Grype, see: