Open GalaxyGorilla opened 1 week ago
What info? Just the component tested? I think that's what we did here:
`declarations > targets > components`
SSCG => SBOM `metadata > component`
See email
Any update on this?
I don't think the `declarations > targets > components` section is where we want to identify the software under test in the SSCG. The declarations section is about "The list of declarations which describe the conformance to standards." We might want to add info here later, but for now we should just make sure to fill in `metadata > component`, which is "The component that the BOM describes."
Not sure what to do when the SBOM does not identify the component, though...
The email mentioned:

> Under declarations there is the 'targets' array which needs to contain the information about the software under test. This information comes from the SBOM.
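To make the two locations discussed in this thread concrete, here is an added example (not code from the original issue or from the project): it reads a CycloneDX 1.6 JSON BOM, takes the software under test from `metadata.component`, and mirrors it into `declarations.targets.components` so the attestation identifies the same software. It also handles the case raised above where the SBOM does not identify its component at all. The sample SBOM, the `example-app` name, its purl and the `target:` bom-ref prefix are constructed for illustration; the choice to give the target entry its own bom-ref rests on the assumption that bom-ref values must stay unique within one BOM.

```python
"""Locate the software under test in a CycloneDX BOM and mirror it into the
attestation targets. Added example; not part of the original issue thread."""
import copy
import json

# Constructed sample SBOM for illustration only (not a real project).
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.6",
    "metadata": {
        "component": {
            "type": "application",
            "bom-ref": "pkg:generic/example-app@1.2.3",
            "name": "example-app",
            "version": "1.2.3",
            "purl": "pkg:generic/example-app@1.2.3",
        }
    },
    "components": [
        {"type": "library", "name": "left-pad", "version": "1.3.0"},
    ],
})


class MissingSubjectError(ValueError):
    """Raised when the SBOM does not say which component it describes."""


def load_sbom(text: str) -> dict:
    """Parse a CycloneDX JSON BOM and reject anything that is not one."""
    sbom = json.loads(text)
    if sbom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX BOM")
    return sbom


def has_subject(sbom: dict) -> bool:
    """True if metadata.component names the software the BOM describes."""
    component = sbom.get("metadata", {}).get("component") or {}
    return bool(component.get("name"))


def subject_component(sbom: dict) -> dict:
    """Return metadata.component, the component the BOM describes."""
    if not has_subject(sbom):
        raise MissingSubjectError(
            "SBOM has no metadata.component; software under test is unknown")
    return sbom["metadata"]["component"]


def attestation_targets(sbom: dict) -> list:
    """Return declarations.targets.components (empty list if absent)."""
    return sbom.get("declarations", {}).get("targets", {}).get("components", [])


def add_attestation_target(sbom: dict) -> dict:
    """Return a copy of the BOM whose declarations.targets.components
    contains the subject from metadata.component exactly once."""
    subject = subject_component(sbom)
    target = copy.deepcopy(subject)
    # Assumption: bom-ref values must be unique within a BOM, so the target
    # entry gets its own ref instead of reusing the metadata.component one.
    target["bom-ref"] = "target:%s@%s" % (
        subject.get("name"), subject.get("version", "unknown"))

    out = copy.deepcopy(sbom)
    components = (out.setdefault("declarations", {})
                     .setdefault("targets", {})
                     .setdefault("components", []))
    # Idempotent: match on name/version so re-running does not duplicate.
    key = (target.get("name"), target.get("version"))
    if not any((c.get("name"), c.get("version")) == key for c in components):
        components.append(target)
    return out


if __name__ == "__main__":
    bom = add_attestation_target(load_sbom(SAMPLE_SBOM))
    print(json.dumps(bom["declarations"], indent=2))
```

Running the script prints the populated `declarations` block; a BOM without `metadata.component` raises `MissingSubjectError` rather than silently emitting an attestation with no target.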