Allen Shearin
#### What kind of change does this PR introduce? Adds check for published sboms. This PR is still a draft as there is more discussion on applicability and implementation to...
**Is your feature request related to a problem? Please describe.** Recent zero-day vulnerabilities and the resultant WH executive order regarding cybersecurity are making sbom generation an increasingly important part of...
**What happened**: Docs list supported Cyclonedx Spec as 1.4 > - `cyclonedx`: An XML report conforming to the [CycloneDX 1.4 specification](https://cyclonedx.org/specification/overview/). > - `cyclonedx-json`: A JSON report conforming to the...
#### What kind of change does this PR introduce? Enhancement to our structured results. Adds a static Check ID for all checks, along with updates to check validation process to...
**Describe the solution you'd like** Currently we check for SBOMS only in release assets and source code. We should also be checking for SBOMS generated as part of the CI/CD...
**Description** I'm attempting to leverage `sigstore-python` library for an enterprise signing/verification tool. Working on a proof of concept resulted in this small example: ```python from sigstore.oidc import Issuer issuer =...
### Description Supersedes https://github.com/DependencyTrack/hyades/pull/1809 and https://github.com/DependencyTrack/hyades/pull/1820 Related to https://github.com/DependencyTrack/hyades-apiserver/pull/1325 and https://github.com/DependencyTrack/hyades-frontend/pull/318 ### Addressed Issue ### Additional Details ### Checklist - [ ] I have read and understand the [contributing guidelines]...