Hector Fernandez

Results: 189 comments by Hector Fernandez

@jpillora I am continuing the work related to this topic.

> So your "users" connect to your chisel client? If this is the case, I'd suggest writing a small program using...

@developer-guy Wouldn't it help to have all the common functions moved to sigstore/sigstore? That is ongoing work, if I am not mistaken. That would help to build a kind...

@ahmetb I ack the usage of Ready=True on conditions; however, there might be situations where other conditions should also be considered to be reported in the tree (maybe because Ready...

As part of the VMware Secure Supply Chain Team, I'd love to attend and I am sure some of my teammates would join too. Goals:

* Explore how to improve...

> how do we ship the SBOM (on an image registry? do we need to support non-container use cases)

We started a discussion at sigstore/cosign about a recommendation to ensure...

@pxp928 I am sharing a link to the current public repo https://github.com/sclevine/cnb-sbom. We have another internal version but it does not differ much from this implementation.

> I know the implementation might involve Syft's decoders, but it seems like a Grype feature that we're talking about from the user's perspective. Is that a correct read on...

Yes, I started to investigate which properties are missing for CycloneDX:

* Supplier of the software component
* Version of the component
* Component unique identifiers
* Any component dependency...