Steve Springett
The mindmap of the taxonomy currently in development is located at: https://drive.google.com/file/d/1Uot5Ntm0NB3kJgHAc7fDtZTleJIhZS2P/view?usp=sharing Use [XMind](https://www.xmind.net/) to view it. A preview of the taxonomy is here (may not always be up to date): https://drive.google.com/file/d/1_GIylG4K3mT_TPeGJlIUj4HtouNRgtPQ/view?usp=sharing
Possible improvements to the spec would be to map SCVC controls to existing control documents including: * NIST 800-53 * NIST 800-171 * CMMC * OWASP ASVS * OWASP SAMM...
Hash support needs serious improvement. It appears that hashes are derived from the package itself, rather than being calculated. If the package doesn't have a hash, it doesn't show up...
CycloneDX SBOMs can be signed at the root bom level and can also be signed on a component level. This enhancement request is to add support for applying signatures to...
For components that a development team knows are modified, CycloneDX CLI should ideally be able to reach out into the VCS (git) and retrieve the commits that make a modified...
One of the benefits of an SBOM first approach in a build pipeline is to be able to correct component identity and other data during a build. Examples: * Correcting...