Patrick Dwyer

Results 39 issues of Patrick Dwyer

The basic idea is to evolve the `vulnerability` model for things like pentest reports, bug bounty programs, etc. In particular, it would be great to have reproduction steps in a...

proposed core enhancement
help wanted

This is a TODO reminder for after v1.3 is released.

With v1.3 of the spec, custom properties were introduced. But no real guidance on naming. For example, CDX support is being added to Tern, a container SCA tool. One of...

documentation

BOM version is optional in XML and protobuf but required in JSON. I propose dropping the requirement from the JSON schemas as a patch release.

bug

It would be great if this tool could output a software bill of materials in CycloneDX format https://cyclonedx.org/ There's a mature .NET library that can handle a lot of the...

status:requirements
type:feature

Not sure this type of thing would be considered in scope or not. But containerised, reproducible, ephemeral, development environments are now becoming more commonplace. i.e. Gitpod and GitHub Codespaces. A...

Discussion ongoing
5.0

I think it would be great to add support for component pedigree information from patch-package https://github.com/ds300/patch-package

enhancement
help wanted

The documentation needs a review before an official v1 release. Current TODO:
- [ ] basic example usage for each command
- [ ] more docker image usage examples
-...

documentation