Audun
@wagoodman Heya. I actually stopped pursuing this. Turns out, vcpkg generates an SPDX SBOM automatically. It just wasn't super apparent in their docs. Thanks anyway! Closing this issue.
For anyone else stumbling upon this issue, here's the vcpkg docs for SBOM https://learn.microsoft.com/en-us/vcpkg/reference/software-bill-of-materials
Hey, just want to say that as a security practitioner in the Go development space, I both see and deeply appreciate the work you're putting into Gosec. I'm hoping to...
Ah, that's super interesting then! Thanks @spiffcs. I also appreciate the discussion you had on the stream. What I'd be most interested in is solving a situation like this one: Let's...
> We already support online resolution of various things including Maven POM files and Golang licenses, which can include downloading git repositories. We could probably use the GitHub API to...
Looked a little into it. It looks like this is in large part an inherited issue from Docker, whose errors are the ones we're seeing.