Maximilian Combüchen

Results: 21 comments by Maximilian Combüchen

Hi @stevespringett and everyone, at Snyk we’ve been working on an API endpoint to support this use case, which was released to our customers last week. This supports fetching vulnerabilities...

Hey @nscuro we (some of the folks at Snyk) would love to help out with this. Since this should probably happen in smaller chunks, we wonder how we can best...

Thanks @nscuro

> But will require a bit of research.

We already did a bit of research based on diffs between the 1.5 and 1.6 JSON schemas; I had not...

Hey @nscuro, I believe we're at a point where all the new schema additions have been added. What do you think is still outstanding to get `spec/1.6` merged? https://github.com/CycloneDX/cyclonedx-go/compare/CycloneDX:master...CycloneDX:spec/1.6

Thanks for submitting @schlenk! We'll look into this and get back.

Both CycloneDX and SPDX should support extending an already available list of creation tools, and add Parlay as an additional entry while maintaining any other tools that might have come...

Some thoughts on this

### Change repo structure

Rename `lib` directory to `pkg`. This is opinionated and based on https://github.com/golang-standards/project-layout#pkg, just a suggestion.

### Change API to handle primitives

As...

Thanks @nodet for raising this issue. I looked into our data source for this case, which is ecosyste.ms. You can check their response for the given module here: https://packages.ecosyste.ms/api/v1/registries/proxy.golang.org/packages/github.com/klauspost/compress If...

Hello @nodet please excuse the radio silence. I think we have a few license-related challenges which I would see us improve on incrementally.

#### Ambivalent license relationships

We currently "make...

change looks good, but can we craft a better commit message, since this will make it into the release details:

* probably a [breaking change](https://www.conventionalcommits.org/en/v1.0.0/#specification), since consumers will have to...