specification icon indicating copy to clipboard operation
specification copied to clipboard
Published 1 month ago verified publisher icon CycloneDX

Evidence for `component.scope`

Open prabhu opened this issue 1 year ago • 1 comments

Currently it is possible to specify a value for scope without offering any evidence.

https://github.com/CycloneDX/specification/blob/master/schema/bom-1.6.schema.json#L4783

This creates potential false negatives if consuming tools are configured to filter for components with specific scope values such as required

prabhu avatar Apr 13 '24 19:04 prabhu

Thanks for the suggestion @prabhu. Any suggestions on a possible way to represent this? What kind of evidence would be necessary?

stevespringett avatar Aug 31 '24 03:08 stevespringett