sbom-tool
sbom-tool copied to clipboard
microsoft
The SBOM tool is a highly scalable and enterprise ready tool to create SPDX 2.2 compatible SBOMs for any variety of artifacts.
Filed on behalf of @chloduan- thanks for debugging this! The following exception when -mi WdacCatalogManifest:1.0.0 is passed as an argument, and the CatalogManifestConfigHandler deemed the SbomConfig false/null: ``` Encountered an...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.3 to 3.24.9. Changelog Sourced from github/codeql-action's changelog. CodeQL Action Changelog See the releases page for the relevant changes to the CodeQL CLI and language packs. Note...
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot] avatar"){kind=avatar}
This PR solves the issue https://github.com/microsoft/sbom-tool/issues/251 . It depends on component detector pr https://github.com/microsoft/component-detection/pull/927 It lists Hierarchy of packages in relationship section of the SBOM. here is the output `...
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.1 to 4.1.2. Release notes Sourced from actions/checkout's releases. v4.1.2 We are investigating the following issue with this release and have rolled-back the v4 tag to point...
Bumps [AutoMapper](https://github.com/AutoMapper/AutoMapper) from 10.1.1 to 13.0.1. Release notes Sourced from AutoMapper's releases. v13.0.1 What's Changed Updating to latest template from readthedocs.io by @jbogard in AutoMapper/AutoMapper#4380 Remove Microsoft.CSharp nuget dependency by...
Linux filesystems are case-sensitive, but Windows filesystems are not, and the SBOM validator follows the case sensitivity of whichever filesystem it runs on. As a result, if an SBOM is...
I am using run_subprocess function in python to invoke sbom-tool generate command. which given invalid input, it will prompt --help function, but exit_code is 0, which run_subprocess believe this command...
We have been seeing support requests in which the component detection library throws errors in a scan, usually due to malformed packages present on the machine, and the SBOM tool...
ValidationResultGenerator sets the "Success" value of a ValidationResult object to either true or false depending on whether the number of validation failures [ValidationResultGenerator.cs@L86](https://github.com/microsoft/sbom-tool/blob/main/src/Microsoft.Sbom.Api/Entities/output/ValidationResultGenerator.cs#L86)) is equal to zero. However, the list...
We use the `sbom-tool` to generate SBOM for our .NET project output. This is the command line call: ```pwsh sbom-tool generate -b "${{ github.workspace }}/dist" ` -bc "${{ github.workspace }}/src"...
