jbom
jbom copied to clipboard
eclipse
The strict schema validation was introduced in Dependency-Track API v4.11.0 (https://docs.dependencytrack.org/changelog): > BOM Validation. Historically, Dependency-Track did not validate uploaded BOMs and VEXs against the CycloneDX schema. While this allowed...
I want to make SBOM for Apache Tomcat . But it's made like this. What should I do? { "bomFormat" : "CycloneDX", "specVersion" : "1.4", "serialNumber" : "344e6328-1f3b-46e2-a6eb-3a459c8181c2", "version" :...
While trying **jbom** we have noticed that it might report faulty version information. That field might contain something that looks more like a part of a file path and not...
I having a karaf running inside a rootless container with my user. How do i get jbom working? i get: `nable to attach with regular provider: java.lang.IllegalStateException: Error during attachment...
Using jbom itself as an example, if you run: java -jar target/jbom-1.2.1.jar -f target/jbom-1.2.1.jar and then look at the generated SBOM, I see these null/unknown entries: - [ ] "manufacture"...
I reviewed JBOM a few months ago and it truly stands out from the crowd with the ability to scan active processes. I was able to scan active processes when...
Hmm... not sure if there's a good way to do that. Maybe jbom add a shutdown hook that would wait until jbom is finished. Anyone want to try implementing this?...
Readme states "This approach can also include details of services invoked" but looking at code I found no reference of any service discovery procedure or SBOM `services` section creation. Is...
