nil4

Results 3 comments of nil4

Wrongly assigned CVE critical vulnerabilities to 16.16.0

https://github.com/github/advisory-database#contributions suggests a couple of approaches that might help.

`merge`-d polyglot SBOM loses dependency graph information

Upon further testing, the issue is also apparent when merging SBOMs where each includes dependency graph information. For example, merge two .NET project SBOMs: ```cmd mkdir src\csharp1 && pushd src\csharp1...

sbom merged with cyclonedx-cli does not get imported

You may be running into https://github.com/DependencyTrack/dependency-track/issues/1214, due to recent `cyclonedx-cli` versions writing merged output with a UTF-8 BOM (byte-order-mark), which DT v4.3.6 rejects as invalid on upload. Due to this...