Open prabhu opened 1 year ago
Thanks a lot @prabhu. The projects look very interesting and can definitely benefit VMClarity. We'll take a deeper look into them and the integration options. Of course, contributions for additional scanners are always welcome :)
Thank you for your contribution! This issue has been automatically marked as stale because it has no recent activity in the last 60 days. It will be closed in 14 days if no further activity occurs. If this issue is still relevant, please leave a comment to let us know, and the stale label will be automatically removed.
This issue has been marked stale for 14 days and is now closed due to inactivity. If the issue is still relevant, please re-open this issue or file a new one. Thank you!
Problem Statement
I'm the author of cdxgen and dep-scan.
cdxgen is a polyglot SBOM generation tool from the CycloneDX community. dep-scan is an advanced OSS audit tool with automatic prioritization.
Both tools are available as single-binary executables and OCI images, and support both CLI and REST-based integration:
https://github.com/CycloneDX/cdxgen#sbom-server
https://github.com/AppThreat/dep-scan#server-mode
Proposed Solution
cdxgen would increase the number of languages and frameworks supported. dep-scan would add the much-needed triaging and prioritization capabilities.
Alternatives Considered
Please briefly describe which alternatives, if any, have been considered, including merits of alternate approaches and tradeoffs being made.
Additional Context
Please provide any other information that may be relevant.