Aasim Malladi

icon indicating an email [email protected]

icon location Seattle, WA icon location Working on securing software supply chains. Got SBOM? Creator: https://github.com/microsoft/sbom-tool

Results 14 comments of Aasim Malladi

Scanning of files that aren't really Dockerfiles is causing errors

This is using CD version 1.2.0

Is there a docker image for the tool ?

We currently don't have a docker image for our tool. However, we do accept contributions, and if you want, you can create an image for our tool and we can...

Dev/stage/prod dependencies

@sachinshaji You are correct, currently we don't have a way to seperate out dev/stage dependencies from production.

Generated SBOM includes Git data and ephemeral build artifacts

@waynebeaton thanks for the suggestion, we have a backlog item on our plate to provide users with the ability to exclude certain folders from being included in the SBOM. I...

Wrong supplier in RootPackage of SBOM

Thanks for bringing this to our attention, will add a parameter to the tool for this.

Sign sbom-tool releases

Thanks for all your inputs, we are in the process of verifying some changes in our CI/CD pipeline, after which we will start publishing signed artifacts.

Sign sbom-tool releases

Hi all - we now have pushed a change that will publish signed artifacts for our releases. Please check out version 0.1.4

sbom Validate

The 'validate' scenario is currently not supported. This tool only generates SBOMs. We are working on a validate solution right now and we should have it ready in a couple...

Add additional documentation for Dockerfile detection

Feedback from an external blog.

Documentation error and SBOM format error

The new release has been deployed. Please verify by running v0.2.1