eBay / sbom-scorecard
Generate a score for your sbom to understand if it will actually be useful.
Apache License 2.0
221 stars
24 forks
issues
Fix hasPurlOrCPE logic | #47 | hmaurer | opened 1 month ago | 0
fix: Verify metadata is non-nil before accessing for timestamp | #46 | ja-he | opened 3 months ago | 0
Consider contributing to OpenSSF | #45 | lucasgonze | opened 1 year ago | 0
update spdx/tools-golang makes to simpler to handle conversion betwee… | #44 | ajayk | opened 1 year ago | 0
Update authoritative source | #43 | justinabrahms | opened 1 year ago | 0
If you have literally no packages, you get an overflow bug. | #41 | justinabrahms | closed 1 year ago | 0
upgrade slsa-verifier: 2.0.1 -> 2.1.0 | #40 | developer-guy | closed 1 year ago | 0
feature: enable verification for provenance | #39 | developer-guy | closed 1 year ago | 0
feat(scorecard):Display result in Table format | #38 | dineshr93 | closed 1 year ago | 1
JSON output does not produce # of total packages | #37 | emkaminsk | closed 1 year ago | 1
Consider Alternative Identifier Logic Related to purl and CPEs | #36 | jspeed-meyers | closed 1 year ago | 2
Add licenseRef to test case | #35 | jspeed-meyers | closed 1 year ago | 2
Evaluate & Adhere (or have good reasons why not) to NTIA minimal elements | #34 | justinabrahms | opened 1 year ago | 3
Update spdx library | #33 | justinabrahms | closed 1 year ago | 0
fix nil pointer reference bug & NaN handling on invalid json input | #32 | frenchi | closed 1 year ago | 2
add publish image workflow | #31 | developer-guy | closed 1 year ago | 1
Add usage image | #30 | justinabrahms | closed 1 year ago | 0
Fix integer division by integer bug | #29 | jspeed-meyers | closed 1 year ago | 0
BUG: Dividing Integers by Integers Leads to Incorrect Score Calculation | #28 | jspeed-meyers | closed 1 year ago | 1
spdx: follow LicenseRefs | #27 | justinabrahms | closed 1 year ago | 2
spdx: use both licenseConcluded & licenseDeclared | #26 | justinabrahms | closed 1 year ago | 0
tag-value documents not parsing properly | #25 | justinabrahms | closed 1 year ago | 6
Fix Package Version Logic for CDX Parsing | #24 | jspeed-meyers | closed 1 year ago | 0
Inline tutorial into the README | #23 | justinabrahms | closed 1 year ago | 0
SPDX questions/bugs | #22 | rnjudge | closed 1 year ago | 5
Tutorial is wrong about installation. | #21 | justinabrahms | closed 1 year ago | 0
Minor tutorial updates | #20 | jspeed-meyers | closed 1 year ago | 4
Add support for Tag Value and YAML SPDX files | #19 | anthonyharrison | closed 1 year ago | 0
Add tutorial.md and reference to tutorial in README.md | #18 | jspeed-meyers | closed 1 year ago | 1
Fix check for component hash existence | #17 | jspeed-meyers | closed 1 year ago | 0
Code assumes json format for CycloneDX SBOMs | #16 | cyberbliss | closed 1 year ago | 2
BUG: Trivy CycloneDX scan does not work | #15 | AnaisUrlichs | closed 1 year ago | 4
tutorial missing | #14 | AnaisUrlichs | closed 1 year ago | 7
Add SPDX 2.3 support | #13 | puerco | closed 1 year ago | 2
Handle panic when handling non 2.2 SPDX docs | #12 | puerco | closed 1 year ago | 0
[Potential Bug] cyclonedx logic on package versions uses package digest | #11 | jspeed-meyers | closed 1 year ago | 1
Add pkg version for spdx | #10 | jspeed-meyers | closed 1 year ago | 0
Add SPDX package version logic | #9 | jspeed-meyers | closed 1 year ago | 0
[Feature Request] Auto-Detect SBOM Format | #8 | jspeed-meyers | closed 1 year ago | 1
Support json output | #7 | justinabrahms | closed 1 year ago | 0
Add CLI support | #6 | pxp928 | closed 1 year ago | 0
added cli and re-organized packages | #5 | pxp928 | closed 1 year ago | 0
BOM Maturity Model | #4 | stevespringett | closed 1 year ago | 3
Support for CycloneDX | #3 | justinabrahms | closed 1 year ago | 1
Support for Syft | #2 | justinabrahms | opened 2 years ago | 0
updated spdx to include files | #1 | pxp928 | closed 2 years ago | 0