sbom-tool
The SBOM tool is a highly scalable and enterprise-ready tool to create SPDX 2.2 compatible SBOMs for any variety of artifacts.
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.1 to 4.1.5. Release notes Sourced from actions/checkout's releases. v4.1.5 What's Changed Update NPM dependencies by @cory-miller in actions/checkout#1703 Bump github/codeql-action from 2 to 3 by @dependabot...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4.0.1 to 4.3.1. Release notes Sourced from codecov/codecov-action's releases. v4.3.1 What's Changed build(deps-dev): bump typescript from 5.4.4 to 5.4.5 by @dependabot in codecov/codecov-action#1370 fix: more verbose log...
Bumps [stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action) from 5.0.0 to 5.0.1. Release notes Sourced from stefanzweifel/git-auto-commit-action's releases. v5.0.1 Fixed Fail if attempting to execute git commands in a directory that is not a git-repo. (#326)...
My organization is now requiring SBOMs regardless of how ancient the software is. We have a massive legacy ERP system written in VB 6.0 stored in a SourceAnywhere for VSS...
I run sbom-tools on the same project folder in Windows and Kali, and it worked on Windows perfectly, but in Kali it can't create the SBOM. Dependencies are in the .csproj file and I...
@sebasgomez238 As part of #436, some Conan changes were missed out, and that is the reason Conan packages are not part of the SPDX file. Adding Conan support to SPDX...
I've installed sbom-tool using WinGet. It didn't add a `sbom-tool` command; instead, it installed a `sbom` command. (I am running this on a Windows 11 Professional machine.) (Also, I tried...
This is just a minor improvement.
Hi, In v2.2.4 the release holds *-manifest.spdx.json files for each platform. Since v2.2.5 they are not deployed as part of a release. Are they no longer required as part of...
## Problem In the resulting `manifest.spdx.json` file created by SBOM Tool, the "relationships" are all defined as depending on SPDXRef-RootPackage instead of the proper subdependency. ## Context I have created...