sbom-utility
Utility that provides an API platform for validating, querying and managing BOM data
If we want to have special processing for JSON encoding/decoding (e.g., marshal/unmarshal) it would be helpful to enable this via custom struct tags. For example: ``` // v1.3 added "compositions"...
See the Golang schema file that dictates how CycloneDX JSON gets "marshalled" into Golang structs. - schema/cyclonedx.go
Is there documentation for making a custom.json?
Hi guys, I would like to use the sbom-utility tool to validate proper output (schema) of other SBOM tools that generate a CycloneDX SBOM. I know that there are tools...
``` ./sbom-utility vulnerability list -i sbom.json --format md --summary Welcome to the sbom-utility! Version `v0.16.0` (sbom-utility) (linux/amd64) =========================================================================== [INFO] Loading (embedded) default schema config file: `config.json`... [INFO] Loading (embedded) default...
It would be really great if this TODO feature of remote schema loading can be implemented as soon as possible.
I created a CDX 1.4 SBOM with the licenses for one package as GPL-2.0-or-later, SMAIL-GPL, public-domain. These were broken up correctly into their separate licenses in the SBOM, but on...
Hi, in our company we start using CycloneDX SBOMs for license management and want to use sbom-utility to check the licenses against a custom license policy. But we have a...
`cobra.Command.Use` is not being set properly - this is visible in the command's help output: ``` ❯ ./sbom-utility Welcome to the sbom-utility! Version 'v0.17.1-pre' (sbom-utility) (darwin/arm64) ================================================================================ [INFO] Loading (embedded)...
## Describe the bug The value "http://private%20package/" is a valid `iri-reference`. ## Screenshots or output-paste Problematic part of the SBOM file: ``` { "type": "library", "name": "utils", "group": "@mui", "version":...