cyclonedx-cocoapods
cyclonedx-cocoapods copied to clipboard
CycloneDX
Creates CycloneDX Software Bill-of-Materials (SBOM) from Objective-C and Swift projects that use CocoaPods.
As an SBOM consumer I would like to have the `evidence` element added as `components/component/evidence` (XPath-like syntax) especially for the `identity` element so that I can make better decisions regarding...
We can support both XML and JSON as output options using a CLI parameter. The specification supports JSON and it should be fairly easy to adopt. https://cyclonedx.org/docs/1.5/json/#
Due to the commit ea90242 which tried to fix lint issues, the path joining of the working directory with the `Podfile` and `Podfile.lock` does not work as expected. Within `podfile_analyzer.rb`,...
We are using Expo & React Native to build apps. We've been generating and importing our SBOMs for some time and kept finding it strange that Dependency-Track never showed any...
As I had requested in #58, there was no dependency information in the SBOM, so Dependeny-Track didn't show a graph. Unfortunately, I haven't been able to follow up on this...
See cyclone DX reference: https://cyclonedx.org/docs/1.5/json/#metadata_manufacture_contact There shall be manufacture (v1.5) manufacturer (v1.6) field about the organization. Is it planned to inject such metadata during BOM generation?
