xRate1337

Hi, is there any progress in shifting information about the status of the cves in dtrack over the sbom? I just saw the option to use the combination of cycloneDX...

What is the current status? Does it already work with the pedigree feature of CycloneDX? Or has someone already tried to pack it into a VEX file and attach it...

The licenses are in the sbom now but if I upload it to dependencytrack it's still missing. Does yours work?

Dependency-Track still doesn't show the licenses. Maybe it'll with the planned changed u mentioned.

in the Sbom it looks like this: { "name": "libevdev", "version": "1.12.1", "cpe": "cpe:2.3:a:*:libevdev:1.12.1:*:*:*:*:*:*:*", "licenses": [ { "license": { "name": "MIT", "text": { "contentType": "text/plain", "content": "\nMIT License\n\nCopyright (c) \n\nPermission...

Hi vasba, thank you for your response. When u comment the expression line out it works fine. But I have an other problem now. Do you know how I can...