sbom-tool
The SBOM tool is a highly scalable and enterprise-ready tool to create SPDX 2.2 compatible SBOMs for any variety of artifacts.
It would be an excellent feature to add a flag, maybe `-generate-webpage` that would include an HTML page that is directly connected to the json file path at the same...
When attempting to generate sbom for a binary drop from a file server, I often have to make multiple attempts before I can successfully generate an sbom. This leads to...
It would be pretty convenient to be able to install the binaries with `dotnet tool install sbom-tool` and run it as `dotnet tool run sbom-tool`. This would let us declare...
In two sample CI pipelines, one using Azure DevOps and one using GitHub Actions (both Linux agents), I've so far found that `salus -h` hangs indefinitely until the task/step is...
Would be nice to be able to verify that releases of `sbom-tool` are built by CI by using e.g. sigstore to sign binaries
The generated SBOM includes information from the `.git` folder. Likewise, it would be good to have it ignore the contents of NPM `node_modules` directories and Maven `/target/` directories. AFAICT, there's...
On Linux I get the following error message.
OS: Fedora 36
Arch: x86_64
```
winsbom generate -b .
No usable version of libssl was found
Aborted (core dumped)
```
First time using this tool, and I find it frustrating that so many command-line options are required. Most should have reasonable defaults, or be auto-detected. I just spent 10 minutes...
TODO Add docs