certcc / sbom Goto Github PK
View Code? Open in Web Editor NEWExamples and proof-of-concept for Software Bill of Materials (SBOM) code & data
License: MIT License
Examples and proof-of-concept for Software Bill of Materials (SBOM) code & data
License: MIT License
I would like to update the CVE database on local server.
When I used SwiftBOM on internet (https://sbom.democert.org/sbom/), I think that this database is latest.
I would like to know how to update CVE database.
Hi @sei-vsarvepalli,
I would like to know which versions of SPDX does the tooling support?
From Meeting on July 21, 2021 for NTIA Medical PoC working group:
There were a few items identified by the meeting participants about SwiftBOM that can improve the PoC experience
CycloneDx v1.2 supports JSON output. Could you add CycloneDx-JSON as an output format?
Couldn't you automatically add the swid tags generated in the SWID file into CycloneDX with <swid></swid>
? This field could help for component vulnerability tracing.
Many build tools create CycloneDx SBOMs. Having import-CycloneDx button (similar to import-spdx and import-excel) would save me typing them into form or making fake SBoM and using hierarchy features.
The "Import Excel Template" option isn't importing information. It successfully prompts to select a file and provides the "Experimental!" warning, but information does not populate in the fields for the document or component information.
Some of the NOASSERTION fields need no longer need to be included.
I have understood how to work on this tool to Import SPDX, Excel, NPM and PIP packages. But I am not understanding how can I work on CycloneDX in this tool. Is it possible to import or any other way to add XML/JSON file into CycloneDX?
Please guide me.
Suggest that this repo enables the new discussion features and creates a Gitter so that post meeting conversations amongst the community can continue
Enclosed is a sample Excel that can be imported to build SBOM SPDX template.
The Health care PoC has a work in progress of managing multiple SPDX SBOM's that can eb cross reference using the SPDX
See
https://spdx.github.io/spdx-spec/7-relationships-between-SPDX-elements/
Section "7.1.4 Data Format" for referencing external SPDX documents using the format
["DocumentRef-"[idstring]":"]SPDXID ["DocumentRef-"[idstring]":"]SPDXID | NONE
| NOASSERTION
where "DocumentRef-"[idstring]":" is an optional reference to an external SPDX document as described in section 2.6
From Ed Heierman (Abbot) with support from kstewart(at)linuxfoundation.org
Issue: Including a space character in the Primary Component Name breaks the Graph from displaying any Included components.
Note: Including a space character in an Included Component Name does not break the graph from displaying further Included components.
Hi @sei-vsarvepalli
I have tried to generate SBOM using the default example(ACME) on swiftbom and with the general npm package. I see the vulnerabilities list in CycloneDX XML format but I am unable to see it in CycloneDx json format.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.