anthonyharrison
As someone who tried to use the original tooling (and when it didn't work for SPDX 2.2 tried to see if it could be 'easily' repaired - it couldn't!), I...
1. I am interested in contributing to:
   - [x] Development
   - [x] Documentation
   - [x] Issue triage and community
   - [x] Technical advisory (review [governance document](https://github.com/artifact-ff/artifact-ff/blob/main/GOVERNANCE.md#technical-advisory-members))
2. I am here...
@terriko I wonder if we should be actually capturing a list of all the external applications which cve-bin-tool needs and validating that they are available before starting a scan? This...
There are also instances where the reported numbers don't seem to be adding up. I tried this when disabling a data source which seems to introduce a few issues. There...
@terriko Yes I am aware of these tools but when I looked at them they didn't work for SPDX v2.2 files (certainly the version in PyPI). Will keep a watch...
I have installed the binwalk application using apt-get install. It drags in a lot of dependencies - I wonder if there is a clash or version mismatch... On Mon, 1...
@terriko Some progress (but no solution yet). Tried 3.7 without installing binwalk. No issues with the checkers but testing failed in test_extractor. Tried 3.8 with binwalk installed. Get the same...
@terriko No idea what is going on here! I haven't been anywhere near the NVD Schema.. ```console ______________________ ERROR collecting test/test_json.py ______________________ /opt/hostedtoolcache/Python/3.9.13/x64/lib/python3.9/site-packages/requests/models.py:971: in json return complexjson.loads(self.text, **kwargs) /opt/hostedtoolcache/Python/3.9.13/x64/lib/python3.9/json/__init__.py:346: in...
@terriko I have looked at the [CycloneDX Python tool](https://github.com/CycloneDX/cyclonedx-python) using the requirements.txt file. It doesn't do what I believe is needed as this report shows: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !! Some of your...
> Version is an optional field in CycloneDX v1.4
>
> https://cyclonedx.org/docs/1.4/json/#components_items_version

Thanks @stevespringett but we need the version string with the package name to allow us to query the...