lfscanning / scaffold

Framework for instrumenting Fossology scans and generating reports
Apache License 2.0

Trivy: Review source_info field in repo packages #92

Closed goneall closed 1 month ago

goneall commented 1 month ago

For each package created for a repository, the following source_info is included:

The source this package was part of the LF Scanning configuration for the project [project name]

This should be reviewed.

Also, the originator is set to Organization: [project name] - we may want to add additional detail.

goneall commented 1 month ago

@jeffcshapiro - Let me know what you think

jeffcshapiro commented 1 month ago

@goneall I think it's OK. Just to check: is this in line with what we already talked about recently regarding the SBOM, or is this something extra?

I guess I'm a bit unsure where this is in the hierarchy?

goneall commented 1 month ago

Just to check: is this in line with what we already talked about recently regarding the SBOM, or is this something extra?

This is an additional field in the same hierarchy we discussed - it turns out Trivy fills in the field and we need to replace it with a more accurate description.

Next time we get together, I can go over the final SBOM after the augmentation code is complete.
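The augmentation step discussed in this thread (overwriting the sourceInfo that Trivy populates and setting the originator per package), as an added example and not scaffold's own code: it takes a constructed minimal SPDX 2.3 JSON document standing in for a Trivy repository scan, rewrites sourceInfo on every package to the wording from the issue, sets originator to "Organization: [project name]", and rejects an empty project name because SPDX only allows "Person: ...", "Organization: ..." or NOASSERTION in that field. The function names, the sample document and its placeholder sourceInfo values are assumptions.

```python
import json
import re

# Constructed sample: a minimal SPDX 2.3 JSON document shaped like a Trivy
# repository scan. The sourceInfo values are placeholders for whatever Trivy
# wrote, not real Trivy output.
TRIVY_SPDX_JSON = json.dumps({
    "spdxVersion": "SPDX-2.3",
    "SPDXID": "SPDXRef-DOCUMENT",
    "name": "example-repo",
    "packages": [
        {
            "SPDXID": "SPDXRef-Package-1",
            "name": "left-pad",
            "versionInfo": "1.3.0",
            "sourceInfo": "placeholder text written by the scanner",
            "originator": "NOASSERTION",
        },
        {
            # Second package has neither field, so the augmentation must add them.
            "SPDXID": "SPDXRef-Package-2",
            "name": "lodash",
            "versionInfo": "4.17.21",
        },
    ],
})

# SPDX 2.3 PackageOriginator: "Person: <name>", "Organization: <name>" or NOASSERTION.
# The name part must be non-empty.
ORIGINATOR_RE = re.compile(r"^(Person|Organization): \S.*$")


def valid_originator(value: str) -> bool:
    """True if value is a well-formed SPDX originator string."""
    return value == "NOASSERTION" or bool(ORIGINATOR_RE.match(value))


def source_info_for(project_name: str) -> str:
    """The per-package sourceInfo wording from the issue, project name filled in."""
    return ("The source this package was part of the LF Scanning configuration "
            f"for the project {project_name}")


def augment_spdx(spdx_json: str, project_name: str) -> dict:
    """Parse an SPDX JSON document and return a new dict in which every package
    carries the LF Scanning sourceInfo and an Organization originator.
    (Hypothetical helper; scaffold's real code is in PR #93.)"""
    originator = f"Organization: {project_name}"
    # Fail closed: an empty project name would emit "Organization: " which is
    # not a valid SPDX originator and would be rejected by downstream consumers.
    if not valid_originator(originator):
        raise ValueError(f"malformed originator: {originator!r}")
    doc = json.loads(spdx_json)  # fresh object; the input string is untouched
    for pkg in doc.get("packages", []):
        pkg["sourceInfo"] = source_info_for(project_name)
        pkg["originator"] = originator
    return doc


def package_summary(doc: dict) -> list:
    """(name, sourceInfo, originator) for each package, for review or tests."""
    return [(p["name"], p.get("sourceInfo"), p.get("originator"))
            for p in doc.get("packages", [])]


if __name__ == "__main__":
    augmented = augment_spdx(TRIVY_SPDX_JSON, "Example Project")
    for row in package_summary(augmented):
        print(row)
```

Running the module prints one tuple per package with the rewritten fields; the validation on the originator is the check worth keeping when wiring this into a pipeline, since an SBOM with a malformed originator passes JSON parsing but fails SPDX validation later.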

goneall commented 1 month ago

Fixed with PR #93