anthonyharrison
@terriko From a quick look, Yocto appears to generate SBOMs at the FILE level and not the PACKAGE level which is what cve-bin-tool needs. The Yocto SBOMs are providing the...
@ffontaine This is interesting. Is there an example of an SBOM produced by buildroot to have a look at?
@ffontaine Excellent. It looks like it would be relatively easy to generate an SBOM file in either SPDX or CycloneDX formats from this manifest file and then it could be...
**ADDITIONAL INFORMATION** There will hopefully be a Python library available for the start of GSOC to help with the parsing and generating of the VEX documents in the various...
Reminder - This issue is reserved for GSOC2024 applicants. You need to apply to the GSOC program (applications have not yet opened) where you can describe your proposed approach to...
@tahifahimi The triage process within the cve-bin-tool supports a triage option based on CycloneDX in addition to a bespoke approach. There are now 3 (soon to be four) different approaches/formats...
@tahifahimi The current triage process will need to be improved. It doesn't currently use an SBOM as an input but not all VEX formats require an SBOM. You need to...
I am not surprised that there is some inconsistency - that is why we have created the GSOC project! I suggest we create a couple of SBOMs (I suggest up to...
> @anthonyharrison I am interested in this project and I have started working on the proposal will share a draft soon on Gitter. @mastersans. Look forward to seeing your draft....
@mastersans The Vulnerability object in lib4sbom has a `set_value` method which allows any attribute to be added into the Vulnerability object. You can use this to include the additional...