sbs
The temp domain for now would be https://vulnerablecode.aboutcode.org
I didn't see this mentioned, so here it is: https://access.redhat.com/hydra/rest/securitydata/cve.json Anyways, the larger issue with extracting data from any of the above-mentioned sources (and CVRF advisories in general) is...
Things which we already use, without clarification of LICENSE. We need to reach/dig deeper into these sources:
- [x] https://gitlab.alpinelinux.org/alpine/infra/alpine-secdb : based on https://gitlab.alpinelinux.org/alpine/infra/docker/secdb/-/blob/master/license.txt this is CC-BY-SA-4.0
- [ ] https://security.archlinux.org/json...
@JamieMagee Since the detectors have a dependency on various language runtimes, IMHO using bullseye-slim would be much simpler, as installation of these is easy. On Alpine, e.g., there's no way...
@JamieMagee I've posted a review comment on the PR.
Created https://github.com/microsoft/sbom-tool/pull/110. @aasim We'll need some way to publish the images to some registry. I don't know the Microsoft way to handle this. If we want to publish to GHCR...
@asraa and @venafi-iw could you please clarify what the TODO precisely means ;) Is it perm locking down in the sense of doing something equivalent to `chattr +i ` ?
How does this look ``` the purl authors packageurl_python 0.9.3 A "purl" aka. Package URL parser and builder d051230d016990f856c14ceb6ec7836c 0682b2eddab16151da5bd4ef38081e9b27f8eb33cd29baf41f4996d4e88e6e70 MIT pkg:pypi/[email protected] false Kenneth Reitz requests 2.25.0 Python HTTP for...
@stevespringett thanks for the links. Correct me if I am wrong: to translate the v1.2 spec to the Python world, the `setup.py` or something top level would need to be...
@brian-avery re two different front-matter fields That's actually one front matter, they are using toml instead of yaml. In any case taking any approach would be fine. IMHO single frontmatter...