tern-tools / tern

Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-layer view of what's inside your container in a variety of formats including human-readable, JSON, HTML, SPDX and more.
BSD 2-Clause "Simplified" License

Add source package metadata to CycloneDX format report #1093

Open rnjudge opened 2 years ago

rnjudge commented 2 years ago

Describe the Feature

Source package name (src_name) and version (src_version) properties are available for Package objects for dpkg and rpm package managers collection methods.

Use Cases

It would be great to get this information into the CycloneDX output report.

@coderpatros are you available to help with this? Pretty please?

coderpatros commented 2 years ago

How could I say no when you ask so nicely :)

rnjudge commented 2 years ago

Hi @coderpatros - just to help with milestone planning for Tern, do you have a timeline of when you might be available to help with this?