Maximilian Combüchen
## Pull Request Submission Please check the boxes once done. The pull request must: - **Reviewer Documentation** - [ ] follow [CONTRIBUTING](https://github.com/snyk/cli/blob/main/CONTRIBUTING.md) rules - [ ] be accompanied by a...
This extends type `EvidenceOccurrence` with additional fields from the 1.6 spec. Logic has been added to the conversion to make sure they don't show up in lower spec versions. Closes...
In spec version 1.6, a new slot `Definitions` was added. Resources: * https://github.com/CycloneDX/specification/pull/348/files * https://cyclonedx.org/docs/1.6/json/#definitions Consider setting this to `nil` in `convert.go` for spec versions < 1.6.
In spec version 1.6, a new slot `Declarations` was added. Resources: * https://github.com/CycloneDX/specification/pull/348/files * https://cyclonedx.org/docs/1.6/json/#declarations Consider setting this to `nil` in `convert.go` for spec versions < 1.6.
Type `EvidenceOccurrence` has been extended with new properties in spec 1.6. * `lineNumber` * `offset` * `symbol` * `additionalContext` Resources: * https://github.com/CycloneDX/specification/pull/325/files * https://cyclonedx.org/docs/1.6/json/#components_items_evidence_occurrences When adding these new properties to...
This issue is to track ~~#142~~ #165, the addition of the CBOM model from CycloneDX spec version 1.6. See: https://cyclonedx.org/docs/1.6/json/#components_items_cryptoProperties https://cyclonedx.org/guides/OWASP_CycloneDX-Authoritative-Guide-to-CBOM-en.pdf
This is to track the addition of the `"acknowledgement"` field to type `License` (spec 1.6). See: * https://cyclonedx.org/docs/1.6/json/#components_items_licenses_oneOf_i0_items_license_acknowledgement * https://github.com/CycloneDX/specification/pull/408
## Describe the feature Vulnerabilities can have an [EPSS](https://www.first.org/epss/) score attached to them. This describes the probability of a vulnerability being exploited. As of spec version 1.6, there is no...
This PR was automatically created by Snyk using the credentials of a real user. Snyk has created this PR to upgrade axios from 1.6.8 to 1.7.2. :information_source: Keep your dependencies...
Adds parlay as a tool used during SBOM creation when running * `ecosystems enrich` * `scorecard enrich` * `snyk enrich` This behaviour is opt-out through the `--omit-watermark` flag. Closes #82.