sbom-tool
The SBOM tool is a highly scalable and enterprise-ready tool to create SPDX 2.2 compatible SBOMs for any variety of artifacts.
Currently, if BuildDropPath is set to a file, the tool's output ends with something like: ``` BuildDropPath directory not found for 'D:\a\_work\1\a\File.zip' ``` While this is accurate, users often do...
Hello everyone, we are attempting to generate SBOM using sbom-tool in our GitLab jobs using powershell within windows docker container, but receive the following error message: ``` $ dotnet restore...
This is an overarching issue to track analyzer warnings that are currently silenced. To fix a single warning: 1. Remove the warning silence from [`.editorconfig`](https://github.com/microsoft/sbom-tool/blob/main/.editorconfig) 1. Run a build locally...
Unsure if I'm using this in an incorrect way, but I would not expect the tool to fail with an error that it cannot write to `BuildDropPath` if I specify...
We just created a new folder for quick start guides open to any tools that generate or consume SPDX documents. In one of our SPDX community calls, it was suggested...
The SBOM tool uses Serilog's `ILogger` interface directly. Unfortunately, Component Detection expects the [`ILogger` interface from `Microsoft.Extensions.Logging`][1] and uses the [`Serilog.Extensions.Logging`][2] package to provide an implementation. In our research, using...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4.0.1 to 4.1.0. Release notes Sourced from codecov/codecov-action's releases. v4.1.0 What's Changed fix: set safe directory by @thomasrockhu-codecov in codecov/codecov-action#1304 build(deps): bump github/codeql-action from 3.24.3 to 3.24.5...
The Microsoft.ManifestTool tool generates a temporary file in a shared directory, with apparently nothing but a timestamp to make it unique. But when msbuild builds a multi-targeting project, both projects...
build(deps): bump dotnet/runtime-deps from 6.0.8-bullseye-slim-amd64 to 7.0.15-bullseye-slim-amd64
Bumps dotnet/runtime-deps from 6.0.8-bullseye-slim-amd64 to 7.0.15-bullseye-slim-amd64. Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a...
Requires #476 to be merged for its changes in ServiceCollectionExtensions, as well as v4.0.12 of component-detection to be released. Edit: all requirements have been met.