cyclonedx-cli icon indicating copy to clipboard operation
cyclonedx-cli copied to clipboard

Published 20 hours ago verified publisher icon CycloneDX

Support JSF signatures

Open dn-scribe opened this issue 3 years ago • 1 comments

It is not clear to me - does the cli tool support JSF signatures? The advantage is that verification can be done on the SBOM without an additional public key file.

dn-scribe avatar Dec 23 '21 10:12 dn-scribe

Not yet. But it is definitely planned.

The only issue is that I'm not aware of a JSF implementation for .NET yet. So it will likely be a from scratch implementation. And will need a fair bit of diligence to ensure correctness.

coderpatros avatar Dec 23 '21 19:12 coderpatros