bom-examples

bom-examples copied to clipboard

Need v1.4 SBOM examples (with use of new v1.4 schema features, incl. JSF)

2

Many new fields (schema) were added to between v1.3 and v1.4 yet there are not examples that ref. v1.4. In addition, we would like examples that exhibit the use of...

mrutkows

stevespringett

stevespringett

stevespringett

stevespringett

As an enhancement, it would be useful to be publish SBOM examples for 2 versions of the same OSS project. It does not really matter which project is chosen. Dropwizard...

msymons

Is CISA-Use-Cases /Case-7/ valid example

8

in https://github.com/CycloneDX/bom-examples/tree/master/VEX/CISA-Use-Cases/Case-7 boms do not contain version of the software, but vex file affects sections contain versions or version ranges (i.e. https://github.com/CycloneDX/bom-examples/blob/7d529848e2f8bd65d03aec9eab16f139fd445ff4/VEX/CISA-Use-Cases/Case-7/vex.json#L169). So if I understand correctly, this vex should...

tomekkolo

Hello, I can't find examples of SBOM where the "component" type is "file" and some component has related components. Could you please provide such examples?

VladimirBoiko

Should "response" field allow multiple entries?

1

@stevespringett - thanks for putting this example together. When reviewing the vulnerability/analysis/response field, I saw that it contained "["will_not_fix", "update"]". Is this correct? According to the CycloneDX standard, this entry...

Walter-Haydock