haiazuki

Results 4 comments of haiazuki

Relationships / Dependencies are present in Syft json and SPDX json files but sometimes not in Cyclonedx json file format

Hi @tgerla , I checked the specifications of SPDX compare with CycloneDX so I understand what you are saying. From a CycloneDX perspective, it tracks dependency relationships so DEPENDS-ON seem...

Relationships / Dependencies are present in Syft json and SPDX json files but sometimes not in Cyclonedx json file format

Shouldn't this need to be included in milestone "Meet NTIA Minimum SBOM Requirements" as relationships are part of the minimum elements in NTIA?

Relationships / Dependencies are present in Syft json and SPDX json files but sometimes not in Cyclonedx json file format

Hi @spiffcs, So, to confirm, you are saying if there are depends on relationships found in SPDX format, those should be found in CycloneDX dependencies as well? Looking at the...

Option in parameter or configuration to set value in metadata > authors in SBOM (CycloneDX)

Hi @tgerla , Thank you for considering this enhancement. Yes, for now we are manually adding the metadata/authors element on our sboms as required by our organization.