sbomasm
SBOM Assembler - A tool to compose your various SBOMs into a single SBOM.
Bumps [github.com/google/uuid](https://github.com/google/uuid) from 1.5.0 to 1.6.0. Release notes Sourced from github.com/google/uuid's releases. v1.6.0 1.6.0 (2024-01-16) Features add Max UUID constant (#149) (c58770e) Bug Fixes fix typo in version 7 uuid...
CISA has released a document which proposes another way of assembling SBOMs for products. All the details are at https://www.cisa.gov/resources-tools/resources/guidance-assembling-group-products. We will add support for PLB SBOMs to sbom-asm in Feb....
The CycloneDX specification was updated to version 1.5: https://cyclonedx.org/news/cyclonedx-v1.5-released/ And tools are already updating to support it, such as Trivy with its 0.43.0 release: https://github.com/aquasecurity/trivy/releases/tag/v0.43.0 Can this tool please also...
The user should be able to configure multiple projects in DT which can be assembled into a single project. The user can then request to store it back into DT...
We should be able to ingest SPDX docs and output CycloneDX, and vice versa. This will be a lossy conversion; we should clearly document data lost in translation.
It seems like a hierarchical merge will always generate dependency data forcing the merged sboms to become nodes in the resulting sbom dependency tree. On the level above the individual...
Bumps [sigs.k8s.io/release-utils](https://github.com/kubernetes-sigs/release-utils) from 0.8.1 to 0.8.2. Release notes Sourced from sigs.k8s.io/release-utils's releases. v0.8.2 What's Changed bump golangci-lint / zeitgeist / cosign and dependencies by @cpanato in kubernetes-sigs/release-utils#103 Full Changelog: https://github.com/kubernetes-sigs/release-utils/compare/v0.8.1...v0.8.2...
Bumps [sigs.k8s.io/release-utils](https://github.com/kubernetes-sigs/release-utils) from 0.8.3 to 0.8.4. Release notes Sourced from sigs.k8s.io/release-utils's releases. v0.8.4 Changes by Kind Feature K-sigs/release-utils now has an automated release workflow and publishes an SBOM (#110, @puerco)...
Bumps [github.com/samber/lo](https://github.com/samber/lo) from 1.44.0 to 1.46.0. Release notes Sourced from github.com/samber/lo's releases. v1.46.0 What's Changed fix: chunk memory leak, bug fix by @mihir20 in samber/lo#491 feat: add WaitForWithContext by @ccoVeille...
As a user of DT, I would like to provide sbomasm with multiple project ids and it should merge it and output it either to a file or to another...