infobyte / faraday

Open Source Vulnerability Management Platform
https://www.faradaysec.com
GNU General Public License v3.0

SARIF support #422

Closed (prabhu closed this issue 1 year ago)

prabhu commented 3 years ago

What's the problem this feature will solve?

Integrate Scan with Faraday by supporting the SARIF format.

Describe the solution you'd like

Native way of importing SARIF reports.

Scan is a free open-source DevSecOps tool powered by numerous other open-source tools. It could be a nice integration here.

Alternative Solutions

Additional context

dwisiswant0 commented 1 year ago

+1

ezk06eer commented 1 year ago

Hi @prabhu, we have SARIF support now! Please check it out in our latest releases :)

prabhu commented 1 year ago

@ezk06eer This is super cool! Can I add another issue to add support for CycloneDX 1.5?

f-amato commented 1 year ago

Thanks for the issues. Keep in mind that Faraday is open source. You can help us develop these new issues too. We are going to add it to the roadmap. Do you have an export file example to add to this issue? Normally we support .XML, .json, CSV, etc.

prabhu commented 1 year ago

Thanks @f-amato. I think we can attract contributors once we have a branch going. I'm happy to help during the design to make the product suitable for supply-chain, VEX and VDR use cases. Below are some links:

https://cyclonedx.org/docs/1.5/json/

Examples repo https://github.com/CycloneDX/bom-examples/

Juice-shop example https://github.com/CycloneDX/bom-examples/blob/master/SBOM/juice-shop/v11.1.2/bom.json

Tools

SBOM tool - https://github.com/CycloneDX/cdxgen
SCA tool - https://github.com/AppThreat/dep-scan
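An added example, not part of this thread and not Faraday's own importer code: it flattens a constructed SARIF 2.1.0 log and a constructed CycloneDX 1.5 BOM (carrying a VEX analysis state, the use case prabhu's last comment mentions) into the kind of flat finding records an importer would create. The output field names, the SARIF level-to-severity mapping and the set of "closed" VEX states are my assumptions, not Faraday's or the specs' definitions.

```python
import json

# Constructed sample inputs, not real scanner output: a minimal SARIF 2.1.0 log
# and a minimal CycloneDX 1.5 BOM carrying one VEX-style vulnerability entry.
SARIF_SAMPLE = json.dumps({"version": "2.1.0", "runs": [{
    "tool": {"driver": {"name": "example-scanner", "rules": [
        {"id": "R001", "shortDescription": {"text": "Hardcoded secret"},
         "defaultConfiguration": {"level": "error"}}]}},
    "results": [{"ruleId": "R001", "message": {"text": "Secret in config"},
                 "locations": [{"physicalLocation": {
                     "artifactLocation": {"uri": "src/config.py"},
                     "region": {"startLine": 12}}}]}]}]})

CDX_SAMPLE = json.dumps({"bomFormat": "CycloneDX", "specVersion": "1.5",
    "vulnerabilities": [{"id": "VULN-PLACEHOLDER-1",  # placeholder id, not a real CVE
        "ratings": [{"severity": "high"}], "analysis": {"state": "not_affected"},
        "affects": [{"ref": "pkg:npm/demo@1.0.0"}]}]})

# SARIF "level" is a small fixed scale; this mapping onto severity words is an assumption.
LEVEL_TO_SEVERITY = {"error": "high", "warning": "medium", "note": "low", "none": "info"}
# VEX states under which an imported finding should not be opened as a live issue (assumed).
CLOSED_STATES = {"not_affected", "resolved", "false_positive"}

def sarif_findings(text):
    """Flatten a SARIF log into one record per (result, location)."""
    out = []
    for run in json.loads(text).get("runs", []):
        rules = {r["id"]: r for r in run["tool"]["driver"].get("rules", [])}
        for res in run.get("results", []):
            rule = rules.get(res.get("ruleId"), {})
            # A result-level "level" overrides the rule default; SARIF's default is "warning".
            level = res.get("level") or rule.get("defaultConfiguration", {}).get("level", "warning")
            for loc in res.get("locations") or [{}]:  # results without a location still count
                phys = loc.get("physicalLocation", {})
                out.append({"name": rule.get("shortDescription", {}).get("text", res.get("ruleId")),
                            "severity": LEVEL_TO_SEVERITY.get(level, "medium"),
                            "description": res.get("message", {}).get("text", ""),
                            "path": phys.get("artifactLocation", {}).get("uri"),
                            "line": phys.get("region", {}).get("startLine")})
    return out

def cyclonedx_findings(text):
    """One record per (vulnerability, affected ref), keeping the VEX analysis state."""
    out = []
    for v in json.loads(text).get("vulnerabilities", []):
        state = v.get("analysis", {}).get("state", "in_triage")
        for a in v.get("affects", []):
            out.append({"name": v.get("id"), "component": a.get("ref"), "vex_state": state,
                        "severity": (v.get("ratings") or [{}])[0].get("severity", "unknown"),
                        "open": state not in CLOSED_STATES})
    return out
```

Keeping the VEX state on the record is what lets an importer avoid re-opening findings the producer already marked as not affected.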