
Nix CycloneDX Software Bills of Materials (SBOMs)

Results 8 bombon issues

Hello, I'm exploring SBOM generation with Nix, using this tool. I've encountered an issue where patches specified in the Nix flake do not appear in the generated SBOM. Below is...

the issue is as follows: - for the build time dependencies we want to look up meta/ pname/ ... to find information about our packages - for this we must...

[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Update | Change | |---|---| | lockFileMaintenance | All locks refreshed | 🔧 This Pull Request updates lock files to use...

Fixed in #115: - cargo features - setting target architecture, when cross-compiling Currently missing when copying SBOMs together in workspace projects: - only copy SBOM which includes current pname in...

Depends on a new release of `cyclonedx-bom` that includes https://github.com/CycloneDX/cyclonedx-rust-cargo/pull/732

Bombon generates Package URLs, such as these: ``` pkg:nix/[email protected] ``` As far as I can see, there is no CVE data source for these PURLs. Is there any advice on...

- We should always filter out "man" and "doc" outputs - We should add an option to filter out derivations that you do not want to include via regex expressions...