
Define the data spec for SBOM

Open steven-zou opened this issue 3 years ago • 3 comments

steven-zou avatar Jan 25 '22 02:01 steven-zou

Maybe adopting the standard https://spdx.org/ is enough.

steven-zou avatar Apr 13 '22 06:04 steven-zou

More references here: https://info.aquasec.com/gartner-sbom?_hsmi=209852081&_hsenc=p2ANqtz-9VQ2cCqfDtVMLi7sS4DSIm52pp_qTSFxKMU35x_Oe4Aw8NkZCnYp657861WmvP13-A3wfFr95HEwEa9X9N901YEPk6GA

steven-zou avatar Apr 13 '22 06:04 steven-zou

Consider adopting CycloneDX standard for both SBOM and vulnerabilities. As a bonus, results from advanced analysis, such as reachability, can be represented as evidence, thus reducing the integration effort involved.

prabhu avatar Nov 21 '23 23:11 prabhu
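The comment above proposes one CycloneDX document for both the component inventory and the vulnerabilities, with reachability carried as component evidence. The script below is an added illustration of what that shape looks like and how a consumer would check it; it is not code from pluggable-scanner-spec, CycloneDX, or any of the commenters. The BOM is constructed inline: the package names, purls, and vulnerability identifiers (`EXAMPLE-000n`) are made up for the example and do not refer to real packages or advisories. The field names (`bom-ref`, `evidence.callstack.frames`, `vulnerabilities[].analysis.state`, `affects[].ref`) follow the CycloneDX 1.5 JSON layout.

```python
"""CycloneDX-style BOM carrying SBOM components plus vulnerabilities,
with reachability expressed as component callstack evidence.
Added illustration only; not part of pluggable-scanner-spec."""
import json

# Constructed sample BOM. All names, purls and vulnerability ids are invented.
SAMPLE_BOM = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "version": 1,
    "components": [
        {
            "type": "library",
            "bom-ref": "pkg:pypi/examplelib@1.0.0",
            "name": "examplelib",
            "version": "1.0.0",
            "purl": "pkg:pypi/examplelib@1.0.0",
            # Reachability result from a (hypothetical) call-graph analysis:
            # a path from application code into the library exists.
            "evidence": {
                "occurrences": [{"location": "requirements.txt"}],
                "callstack": {"frames": [
                    {"package": "app", "module": "app.handlers",
                     "function": "upload", "line": 42},
                    {"package": "examplelib", "module": "examplelib.parse",
                     "function": "load", "line": 7},
                ]},
            },
        },
        {
            "type": "library",
            "bom-ref": "pkg:pypi/otherlib@2.3.1",
            "name": "otherlib",
            "version": "2.3.1",
            "purl": "pkg:pypi/otherlib@2.3.1",
            # Present in the manifest, but no call path was found.
            "evidence": {"occurrences": [{"location": "requirements.txt"}]},
        },
    ],
    "vulnerabilities": [
        {
            "id": "EXAMPLE-0001",  # constructed identifier, not a real CVE
            "source": {"name": "example-db"},
            "ratings": [{"severity": "high", "method": "other"}],
            "analysis": {"state": "exploitable",
                         "detail": "reached from app.handlers.upload"},
            "affects": [{"ref": "pkg:pypi/examplelib@1.0.0"}],
        },
        {
            "id": "EXAMPLE-0002",
            "source": {"name": "example-db"},
            "ratings": [{"severity": "medium", "method": "other"}],
            "analysis": {"state": "in_triage"},
            "affects": [{"ref": "pkg:pypi/otherlib@2.3.1"}],
        },
        {
            "id": "EXAMPLE-0003",
            "analysis": {"state": "exploitable"},
            # Dangling reference: no component carries this bom-ref.
            "affects": [{"ref": "pkg:pypi/missing@0.0.1"}],
        },
    ],
}


def to_json(bom):
    """Serialise a BOM dict as it would be written to disk or sent to a scanner."""
    return json.dumps(bom, indent=2)


def load_bom(text):
    """Parse a BOM and refuse anything that does not declare itself CycloneDX."""
    bom = json.loads(text)
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    return bom


def index_components(bom):
    """Map bom-ref -> component so vulnerability references can be resolved."""
    return {c["bom-ref"]: c for c in bom.get("components", []) if "bom-ref" in c}


def has_callstack(component):
    """True when the component carries at least one reachability call frame."""
    frames = component.get("evidence", {}).get("callstack", {}).get("frames", [])
    return len(frames) > 0


def check_bom(bom):
    """Return (vuln_id, problem) pairs: unresolved refs, or 'exploitable'
    claims on components that carry no callstack evidence to back them."""
    comps = index_components(bom)
    problems = []
    for v in bom.get("vulnerabilities", []):
        vid = v.get("id", "<no id>")
        state = v.get("analysis", {}).get("state")
        for a in v.get("affects", []):
            ref = a.get("ref")
            if ref not in comps:
                problems.append((vid, f"affects.ref {ref!r} matches no component bom-ref"))
            elif state == "exploitable" and not has_callstack(comps[ref]):
                problems.append((vid, f"exploitable but {ref} has no callstack evidence"))
    return problems


def reachable_vulns(bom):
    """Ids of vulnerabilities whose affected component has a recorded call path."""
    comps = index_components(bom)
    return sorted(v["id"] for v in bom.get("vulnerabilities", [])
                  if any(has_callstack(comps.get(a.get("ref"), {}))
                         for a in v.get("affects", [])))


if __name__ == "__main__":
    bom = load_bom(to_json(SAMPLE_BOM))
    print("reachable:", reachable_vulns(bom))
    for vid, why in check_bom(bom):
        print("problem:", vid, why)
```

The point of `check_bom` is the integration win the comment describes: because the vulnerability, the component it affects, and the reachability evidence all live in one document keyed by `bom-ref`, a consumer can cross-check them without a second schema or a side channel, and a scanner that claims `exploitable` without attaching evidence is caught at ingest time.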