cdxgen
What if cdxgen container image bundles depscan
https://github.com/owasp-dep-scan/dep-scan
depscan can accept the --bom argument to enhance and create a VDR/VEX file. What if cdxgen could invoke depscan and submit the resulting VDR to the Dependency-Track server to simplify things?
What if cdxgen could also invoke evinse, generate an obom, and invoke depscan so that the vulnerabilities included are targeted for the given application and runtime context?