sbom-utility
Utility that provides an API platform for validating, querying and managing BOM data
Apache Skywalking-eyes (action): https://github.com/apache/skywalking-eyes Reference example: https://github.com/CycloneDX/cyclonedx-gomod/blob/main/.github/workflows/ci.yml - Corresponding config file (path include/exclude): https://github.com/CycloneDX/cyclonedx-gomod/blob/main/.licenserc.yml
TODO: figure out how to support both the v1.5 "Identity" type (a singleton of an anonymous type) vs. the v1.6 "identity" which is an array of named type (i.e., componentIdentityEvidence):...
TODO: figure out how to support both current (object)/legacy(array) tools in Metadata.Tools field. Currently, we use an `interface{}` placeholder in our `struct` bindings which is NOT ideal for many things...
Hi, I'm trying to compare two SBoMs generated with two different versions of trivy. sbom-utils thinks hard for a bit and then panics with `panic: runtime error: slice bounds out...
Since the JSON patch functionality is based on a neutral record format and it need only be applied to valid JSON documents, in theory it should be possible...
The CycloneDX schema file: /Users/Matt_1/Projects/CycloneDX/sbom-utility/schema/cyclonedx_formulation.go defines all the structures used for "formulation" which was added in v1.5; however, these structs should be updated to use pointers to structs in all...
I would like to parse the output of the license list summary and process it. Right now summary only supports csv, txt and md. I want to be able to get...
Need a testcase to validate the change of the "licenseChoice" schema defn. *Note*: license "expression" is no longer a "string" type, but an "object" now with a "bom-ref". ``` "licenseChoice":...
With the change to pointers in CycloneDX structs, we need to assure the functional path where a service has no "bom-ref" (i.e., marshalled as "nil") will not break future changes. Currently,...