Comments (2)
Not as of now, but we can easily add this capability. Is there any preferred way of providing this information, considering that potentially multiple authors would need to be added?
from cyclonedx-gomod.
For our use case, we are only really interested in specifying the Organization. In the Microsoft SBOM tool, which outputs SPDX, they use -ps to specify the , which then adds the following block to the SPDX SBOM:
    "creators": [
      "Organization: <org name>",
      "Tool: Microsoft.SBOMTool-1.1.7"
    ]
Something similar would be acceptable here IMO to capture at least that much, which I think is what most authors will need to provide.
from cyclonedx-gomod.
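A post-processing workaround for the gap discussed in this thread, as an added example that is not part of the issue or of cyclonedx-gomod's own code: it edits an already generated CycloneDX JSON BOM to record an organization and several authors. Storing the organization under `metadata.supplier` is an assumption, as are the function name `AddCreators` and the constructed sample BOM.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// sampleBOM is a constructed, minimal CycloneDX document (not real tool output).
const sampleBOM = `{"bomFormat":"CycloneDX","specVersion":"1.4","version":1,"metadata":{"authors":[{"name":"Existing Author"}]}}`
type obj = map[string]interface{}

// AddCreators appends de-duplicated entries to metadata.authors and records org.
// Assumption: the organization is stored as metadata.supplier.name.
func AddCreators(bom []byte, org string, authors []string) ([]byte, error) {
	var doc obj
	if err := json.Unmarshal(bom, &doc); err != nil {
		return nil, fmt.Errorf("parse BOM: %w", err)
	}
	if doc["bomFormat"] != "CycloneDX" {
		return nil, fmt.Errorf("not a CycloneDX JSON BOM")
	}
	meta, _ := doc["metadata"].(obj)
	if meta == nil { // BOM had no metadata object yet
		meta = obj{}
		doc["metadata"] = meta
	}
	if org != "" {
		meta["supplier"] = obj{"name": org}
	}
	list, _ := meta["authors"].([]interface{})
	seen := map[string]bool{"": true} // empty names are never added
	for _, e := range list {
		m, _ := e.(obj)
		name, _ := m["name"].(string) // reading a nil map is safe
		seen[name] = true
	}
	for _, a := range authors {
		if !seen[a] {
			list, seen[a] = append(list, obj{"name": a}), true
		}
	}
	if len(list) > 0 { // avoid writing "authors": null
		meta["authors"] = list
	}
	return json.MarshalIndent(doc, "", "  ")
}

func main() {
	out, err := AddCreators([]byte(sampleBOM), "Example Org", []string{"Alice", "Bob"})
	fmt.Println(string(out), err)
}
```

Authors already present in the BOM are kept, so the step can be re-run in a pipeline without duplicating entries.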