guacsec / guac

GUAC aggregates software security metadata into a high fidelity graph database.
https://guac.sh
Apache License 2.0

Artifactory support #310

Open justinabrahms opened 1 year ago

justinabrahms commented 1 year ago

This is a ticket to track a need for Artifactory support as a source of SBOM data.

mlieberman85 commented 1 year ago

I'm not very familiar with the Artifactory API. Does it have an endpoint for providing SBOMs for artifacts, or would the SBOMs just live in a repo in Artifactory or something else?

justinabrahms commented 1 year ago

I haven't looked deeply into this yet. My current understanding is that the SBOMs just live as files in the repo in Artifactory. There's no mechanism to actually link them through a relationship.

mlieberman85 commented 1 year ago

That's fine, even if there's just a general convention it should be fine. Perhaps worth reaching out to someone from JFrog as well.