sbom-tool

The SBOM tool is a highly scalable and enterprise-ready tool to create SPDX 2.2 compatible SBOMs for any variety of artifacts.

Results 121 sbom-tool issues

Bumps [Serilog.Extensions.Hosting](https://github.com/serilog/serilog-extensions-hosting), [Microsoft.Extensions.Logging.Abstractions](https://github.com/dotnet/runtime) and [Microsoft.Extensions.DependencyInjection](https://github.com/dotnet/runtime). These dependencies needed to be updated together. Updates `Serilog.Extensions.Hosting` from 7.0.0 to 8.0.0 Release notes Sourced from Serilog.Extensions.Hosting's releases. v8.0.0 #80 - update to .NET...

z-dependencies
.NET

Bumps dotnet/runtime-deps from 6.0.8-bullseye-slim-amd64 to 7.0.20-bullseye-slim-amd64. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=dotnet/runtime-deps&package-manager=docker&previous-version=6.0.8-bullseye-slim-amd64&new-version=7.0.20-bullseye-slim-amd64)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a...

z-dependencies
docker

Bumps [System.Reactive](https://github.com/dotnet/reactive) from 5.0.0 to 6.0.1. Release notes Sourced from System.Reactive's releases. Ix.NET v6.0.1 Changes: Bugs: #1626: Fix duplicate emission in Delay with immediate selector Enhancement: #1700: Add MinByWithTies and...

z-dependencies
.NET

The timeout of 30 seconds is a bit too short for larger projects:
```log
##[debug]Retrieving license information for 500 components...
##[warning]Error encountered while fetching license information from API, resulting SBOM...
```

await community interest

I am not a C# developer but would love to see Golang support for this tool. Based this PR off an earlier PR, #369, to add support for additional...

Version 5 of the ESRP code signing task [adds support](https://microsoft.sharepoint.com/teams/prss/Codesign/SitePages/ADO%20Task%20v5.aspx) for authentication with managed identities. This PR moves our SBOM CI pipelines to use the updated task. An example run...

CVE-2024-38081 impacts .NET Framework and .NET version 6.X. .NET 8 is not impacted. This was a manually-generated change, scoped to just the .NET Framework build, because the tooling can't automatically...

## Background - SBOM Tool currently only supports SPDX 2.2. - New version (2.0.0) of Germany [**BSI TR-03183 Part 2 SBOM**](https://www.bsi.bund.de/EN/Themen/Unternehmen-und-Organisationen/Standards-und-Zertifizierung/Technische-Richtlinien/TR-nach-Thema-sortiert/tr03183/TR-03183_node.html) guideline is just released on 20 Sep 2024. -...

accepted

When using the SBOM task in an MSBuild project, the task outputs messages directly to the console rather than utilizing MSBuild's Logging APIs. This behavior results in cluttered and unstructured...

.NET

These properties don't take effect when I set them in my project: ```XML true true ``` They are passed to parameters of the `GenerateSbom` task, but the resulting SBOM contains...

.NET