dependency-track

Policy: Add support for BOM in policy conditions

Open stevespringett opened this issue 5 years ago • 2 comments

Extend functionality implemented in #83 to support BOM (CycloneDX, SPDX, spec versions, signed/unsigned, etc) in policy conditions.

stevespringett, Sep 08 '20 21:09

May require https://github.com/CycloneDX/cyclonedx-core-java/issues/68

stevespringett, Feb 01 '21 04:02

In order to make this useful we will need to first implement project-level policies per #2130.

Implementing signature verification would also require additional work to be carried out within DT.

msymons, Oct 23 '23 14:10