As part of the security self-assessment of emissary-ingress that we performed (@yashaswi2000, @Disha-S-Gowda, @jcart657, @Saipv17), the SBOM (Software Bill of Materials) file was found to be missing from the repository.
The open-source libraries, modules, and components that are used, together with their versions, are listed in an SBOM. This facilitates simpler updates/patching, makes it easier to detect susceptible components, and helps end users adhere to the terms of open-source licenses.
Expected Files
The repository should include a file meeting one of the following standards:
SPDX SBOM JSON
CycloneDX JSON/XML
SPDX SBOM Tag Value
Named sbom.json, bom.xml, sbom.spdx, etc., depending on the format.
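To show what a consumer gains from the formats listed above, here is an added example (not code from emissary-ingress or from the self-assessment) that reads either a CycloneDX JSON or an SPDX JSON SBOM into one flat component list and then runs the two checks the issue motivates: flagging components below a fixed version in an advisory table, and flagging licenses outside an allow-list. The two SBOM documents, the package names, the advisory table and its identifiers are all constructed placeholders, not real dependencies or advisories.

```python
"""Normalise a CycloneDX-JSON or SPDX-JSON SBOM into a flat component list and
run two consumer-side checks over it (vulnerable versions, license allow-list).
Added example; SBOM documents, advisory table and package names are constructed."""
import json
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Component:
    name: str
    version: str
    purl: Optional[str]      # package URL, the stable key for advisory lookups
    license: Optional[str]   # SPDX license id, or None when not asserted


def _cyclonedx_components(doc: dict) -> List[Component]:
    out = []
    for c in doc.get("components", []):
        lic = None
        for entry in c.get("licenses", []):
            # CycloneDX allows either {"license": {"id": ...}} or {"expression": ...}
            lic = entry.get("license", {}).get("id") or entry.get("expression")
            if lic:
                break
        out.append(Component(c["name"], c.get("version", ""), c.get("purl"), lic))
    return out


def _spdx_components(doc: dict) -> List[Component]:
    out = []
    for p in doc.get("packages", []):
        purl = None
        for ref in p.get("externalRefs", []):
            if ref.get("referenceType") == "purl":
                purl = ref.get("referenceLocator")
                break
        lic = p.get("licenseConcluded") or p.get("licenseDeclared")
        if lic in ("NOASSERTION", "NONE"):   # SPDX placeholders carry no license info
            lic = None
        out.append(Component(p["name"], p.get("versionInfo", ""), purl, lic))
    return out


def load_sbom(text: str) -> List[Component]:
    """Detect the SBOM format from its top-level marker and normalise it."""
    doc = json.loads(text)
    if doc.get("bomFormat") == "CycloneDX":
        return _cyclonedx_components(doc)
    if str(doc.get("spdxVersion", "")).startswith("SPDX-"):
        return _spdx_components(doc)
    raise ValueError("unrecognised SBOM format (expected CycloneDX JSON or SPDX JSON)")


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn 'v1.4.2' or '1.4.2-rc1' into a comparable tuple; non-numeric parts become 0."""
    v = v.lstrip("v").split("-")[0].split("+")[0]
    return tuple(int(x) if x.isdigit() else 0 for x in v.split("."))


# Constructed advisory table keyed by purl. "fixed" is the first non-vulnerable
# version; anything below it is flagged. Advisory ids are placeholders.
ADVISORIES = {
    "pkg:golang/example.com/libfoo": {"id": "EXAMPLE-ADV-0001", "fixed": "1.4.2"},
    "pkg:golang/example.com/libbar": {"id": "EXAMPLE-ADV-0002", "fixed": "0.9.0"},
}
LICENSE_ALLOWLIST = {"Apache-2.0", "MIT", "BSD-3-Clause"}


def find_vulnerable(components: List[Component]) -> List[Tuple[str, str, str]]:
    hits = []
    for c in components:
        adv = ADVISORIES.get(c.purl or "")
        if adv and parse_version(c.version) < parse_version(adv["fixed"]):
            hits.append((c.name, c.version, adv["id"]))
    return hits


def find_license_issues(components: List[Component]) -> List[Tuple[str, Optional[str]]]:
    # A missing license is reported too: it needs a human to resolve it.
    return [(c.name, c.license) for c in components if c.license not in LICENSE_ALLOWLIST]


# Constructed sample documents, one per JSON format named in the issue.
CYCLONEDX_SAMPLE = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.4", "version": 1,
    "components": [
        {"type": "library", "name": "libfoo", "version": "1.3.0",
         "purl": "pkg:golang/example.com/libfoo",
         "licenses": [{"license": {"id": "Apache-2.0"}}]},
        {"type": "library", "name": "libbar", "version": "0.9.0",
         "purl": "pkg:golang/example.com/libbar",
         "licenses": [{"license": {"id": "GPL-3.0-only"}}]},
    ],
})
SPDX_SAMPLE = json.dumps({
    "spdxVersion": "SPDX-2.3", "SPDXID": "SPDXRef-DOCUMENT", "name": "example-sbom",
    "packages": [
        {"name": "libfoo", "SPDXID": "SPDXRef-Package-libfoo", "versionInfo": "v1.4.2",
         "licenseConcluded": "Apache-2.0",
         "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
                           "referenceLocator": "pkg:golang/example.com/libfoo"}]},
        {"name": "libbaz", "SPDXID": "SPDXRef-Package-libbaz", "versionInfo": "2.0.0",
         "licenseConcluded": "NOASSERTION"},
    ],
})

if __name__ == "__main__":
    for label, text in (("CycloneDX", CYCLONEDX_SAMPLE), ("SPDX", SPDX_SAMPLE)):
        comps = load_sbom(text)
        print(f"{label}: {len(comps)} components")
        print("  vulnerable:", find_vulnerable(comps))
        print("  license review:", find_license_issues(comps))
```

The purl is used as the lookup key rather than the bare name because two ecosystems can publish packages with the same name; an SBOM that omits purls (as the constructed `libbaz` entry does) silently drops out of the vulnerability check, which is one reason the issue asks for a description of the generating tool and process.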
Requested Info
Please update the repository with the relevant SBOM file, and consider including the following information:
SBOM file format standard used
Brief description of tools/process used to generate SBOM file
Link to SBOM documentation (if available)
This info helps users better understand and consume the SBOM content.
Other Relevant Info
Add any other info here.