tgagneret-embedded
tgagneret-embedded
I'm not sure what you mean by 'data', but If you need some components that are widely used in embedded (MCU), I can provide you a short list for your...
You can find some components used in embedded system in the following SBOM: ``` { "bomFormat": "CycloneDX", "specVersion": "1.4", "serialNumber": "urn:uuid:8454585a-e0ad-4c8c-8721-114fd54605c6", "version": 1, "components": [ { "type": "device", "name": "stm32l4",...
Hi, Is it possible to have a status on this feature ? Thanks :)
Yes I should be able to do it :)
Hi, I prefer to give you some information on how I would implement this, because there is a lot of questions. First, in the parser, I would check if cpe...
Hi, Following the code, I found that adding a new condition for `cpe23Type`, next to `purl`, might work: https://github.com/intel/cve-bin-tool/blob/bf9afe998e93d4c3afed6ff7c5dee8d9749f7273/cve_bin_tool/sbom_manager/__init__.py#L123 Howover, the code uses the `lib4sbom` library that do not have...
Hi, I don't entirely agree with you. Yes CPE is not consistent, but since cve-bin-tool searches CVE database, CPE is consistent I think (PURL might miss some CVE). When searching...
Maybe we could update the ProductInfo to something like this: ```python class ProductInfo(NamedTuple): product: str version: str cpe: CPE(vendor, product, version) purl: PURL(product, version) ``` This way we could use...
I have some coverage issue. I added some tests but it is currently skipped (`TestExploitScanner` and `TestSBOM`), so it is not taken into account for the coverage. Could you point...
@terriko I updated the PR title that caused the pipeline to fail. Can I have some feedback on the coverage issue ? Thanks.