
OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, and V...

Results 248 specification issues

## Describe the problem While writing a small proof-of-concept to show how VEX files can help downstream projects discard non-exploitable vulnerability reports ([copernik-eu/vexation](https://github.com/copernik-eu/vexation/)), I noticed a limitation of the...

proposed core enhancement
help wanted

Bumps org.apache.commons:commons-text from 1.12.0 to 1.13.1. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.commons:commons-text&package-manager=maven&previous-version=1.12.0&new-version=1.13.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a...

dependencies

Bumps commons-io:commons-io from 2.17.0 to 2.19.0. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=commons-io:commons-io&package-manager=maven&previous-version=2.17.0&new-version=2.19.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a...

dependencies

Bumps [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) from 3.5.2 to 3.5.3. Release notes Sourced from org.apache.maven.plugins:maven-surefire-plugin's releases. 3.5.3 🐛 Bug Fixes [SUREFIRE-1737] - Fix disable in statelessTestsetReporter (#816) @slawekjaranowski [SUREFIRE-1643] - surefire junit5 parallel tests...

dependencies

Currently (CDX 1.6), we have the following situation:
- for JSON, the known SPDX licence IDs are in their own schema store:
- for XML, the known SPDX licence IDs are...

format: ProtoBuf

## Describe the feature I would like to be able to refer, in a strictly typed way, to external VEX information outside of a CDX BOM. We are already distributing SBOMs with our...

proposed core enhancement

Bumps `lib.slf4j.api` from 2.0.16 to 2.0.17. Updates `org.slf4j:slf4j-api` from 2.0.16 to 2.0.17 Updates `org.slf4j:slf4j-simple` from 2.0.16 to 2.0.17 You can trigger a rebase of this PR by commenting `@dependabot rebase`....

dependencies

Bumps [com.networknt:json-schema-validator](https://github.com/networknt/json-schema-validator) from 1.5.5 to 1.5.6. Release notes Sourced from com.networknt:json-schema-validator's releases. 1.5.6 - 2025-02-19 Added Changed Set requires static for optional and excludable dependencies (#1155) Thanks @justin-tay Fix NPE when...

dependencies

## Describe the feature While the work on CLE is progressing it would be useful to add an [`externalReference` type](https://cyclonedx.org/docs/1.6/json/#externalReferences_items_type) to hold a link to a CLE, OpenEOX or other...

proposed core enhancement

## Describe the feature Currently there is no way to describe the functions used within a library. When using an SBOM for vulnerability management, it would be useful to have...

proposed core enhancement