Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Define the data spec for SBOM #10

Open
steven-zou opened this issue Jan 25, 2022 · 3 comments
Open

Define the data spec for SBOM #10

steven-zou opened this issue Jan 25, 2022 · 3 comments
Labels
area/data data/SBOM

Comments

@steven-zou
Copy link
Contributor

No description provided.

@steven-zou
Copy link
Contributor Author

Maybe adopting the standard https://spdx.org/ is enough.

@steven-zou
Copy link
Contributor Author

Much more reference here: https://info.aquasec.com/gartner-sbom?_hsmi=209852081&_hsenc=p2ANqtz-9VQ2cCqfDtVMLi7sS4DSIm52pp_qTSFxKMU35x_Oe4Aw8NkZCnYp657861WmvP13-A3wfFr95HEwEa9X9N901YEPk6GA

@danielpacak danielpacak mentioned this issue Jun 3, 2022
Open
@prabhu
Copy link

prabhu commented Nov 21, 2023

Consider adopting CycloneDX standard for both SBOM and vulnerabilities. As a bonus, results from advanced analysis, such as reachability, can be represented as evidence, thus reducing the integration effort involved.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/data data/SBOM
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@prabhu @steven-zou