Mayank Rai

@anthonyharrison I was working on adding locations of products in CycloneDX SBOMs. Since sboms are generated using lib4sbom library, I wanted to ask if it is possible to update it...

@terriko @edhinard I would like to work on this. The second solution utilizing the "evidence" key seems better implementation. I would give it a try.

@edhinard @terriko seems to me that cyclonedx sbom is generated using the sbom generation library lib4sbom. Since I cannot modify it directly, I added additional functionality in: https://github.com/intel/cve-bin-tool/blob/6a86564a518a68c306b872aeea9bef59568e4a4f/cve_bin_tool/output_engine/__init__.py#L897 ![Screenshot 2024-03-04...

@edhinard @terriko There is also a second doubt regarding locations of these products. For testing I used python modules and added locations using:  Is there any place...

I'm looking into this

@mulder999 Seems like I am not able to produce the same ServerTimeoutError as I am getting the expected behavior with SBOM generation without any report of vulnerabilities. At first, the...

@terriko I actually used my own requested NVD_API key. I will look into this bug and help with appropriate way of handling the disabling of NVD.

@terriko After modification, NVD will no longer be added as default_source if it is in disabled_sources list. Do update if more changes are needed, I'd like to work on it.