Steve Springett

Results 101 issues of Steve Springett

Adds vulnerability evidence support.

- [x] JSON Schema
- [ ] XML Schema
- [ ] Protobuf
- [ ] Test cases

Closes #333

proposed core enhancement
request for comment
draft

Based on issues identified in https://github.com/CycloneDX/cyclonedx-maven-plugin/issues/310 and which has been discussed at https://github.com/guacsec/guac/issues/594 along with a [Slack discussion](https://cyclonedx.slack.com/archives/CVCKP34A2/p1678480722085369) on the topic, this enhancement will introduce tight scoping for nodes in...

proposed core enhancement
help wanted

As discussed in the ML working group, there may be a desire to tie CDX components/services as inputs/outputs of ML models within the same BOM or across BOMs. This ticket...

proposed core enhancement

As discussed in the ML working groups, we have decided to remove support for explainability due to it being an emerging field of study. At a high level, explainability can...

help wanted

This came about as a result of https://github.com/CycloneDX/cyclonedx-maven-plugin/pull/239 which has since been reverted.

> BOM requires url to download component, pom.dM.repository is for publication (e.g. OSSRH for Maven Central)
>...

enhancement

For every component, the mime-type of that component should be included. However, there seems to be some discrepancy on the exact mime types for `.jar`, `.war`, `.ear`, etc. For example,...

enhancement

@prabhu You originally contributed the code for the `makePackageBom` goal. I believe this functionality has since been implemented in `makeAggregateBom`. Can we remove makePackageBom? If not, what specific value does...

This pull request implements support for `meta:enum` as described in #227.

JSON Schema does not allow enum values to be documented. The project recommends using oneOf/anyOf combined with an object with a const and description as a workaround. This is [documented...

Hello. I’m looking for example otm files that conform to the current schema. Ideally I’m looking for a few simple files containing a handful of components, single trust boundary line,...

documentation