Open orangecms opened 2 years ago
Why not save that as a repo or something like that? When there is a comment, there is instantly a question about the author of the comment, to prove credibility.
Yes, that is something I wanted to neglect deliberately for the time being. Data requires infrastructure, and I think a repo could be a good start indeed, great idea! 💡 Thank you :)
Note: With #79, we have now added the first export functionality, so that you can export a list of UEFI components to remove as JSON and load it again.
We should add an explanation of what SBoM is. Possible references: https://blog.reversinglabs.com/blog/gartner-explains-why-sboms-are-critical-to-software-supply-chain-security-management
Idea
Add the ability to annotate firmware ingredients and collect and share data. This is useful to OEMs for testing / QA, larger companies and institutions for creating fleet BoMs, gamers / BIOS modders / end users for discussion.
Implementation
We can parse file systems and already get a bunch of metadata that stems from the files themselves.
Now we can enrich the static information: Add a simple textarea for a comment per file, and add a button to save all the information for a start. Then add a button to load back information.
Note: This involves work on the state management and rendering, which is currently not well optimized. 😅
See also #60 for related features, including CoSWID
Addendum: We should add CoSWID support to the parsing also.