cyclonedx-core-java
CycloneDX SBOM Model and Utils for Creating and Validating BOMs
Hello Team, how can I use cyclonedx to get the SBOM without adding it as part of POM.xml?
Need this for the Lockheed Martin UnixSBomGenerator, which was coded using schema 1.3, not 1.2.
Add support for Blake3 to BomUtils. Requires commons-codec 1.16 (not currently released)
The root bom and individual components can be signed. This enhancement request is to: * Add support for signing the bom element and individual component elements * Add verification of...
I added an extensible type to a component. Code wise it looks good. I see the extensible type. XML wise looks a little weird. ``` ..... ``` I would have...
Affected version: 9.0.4. OS: Linux Minimal example: ``` omnect-cli dep 0.0.2 ``` Exception: ``` org.cyclonedx.exception.ParseException: com.fasterxml.jackson.databind.JsonMappingException: Cannot deserialize value of type `java.util.ArrayList` from Object value (token `JsonToken.START_OBJECT`) at [Source: UNKNOWN;...
According to the official spec, a service can contain an attribute called '[trustZone](https://cyclonedx.org/docs/1.6/json/#services_items_trustZone)' (different than the x-trust-boundary). However, the Service class in v9.0.4 of cyclonedx-core-java does not contain this attribute.
https://repo.maven.apache.org/maven2/javax/servlet/javax.servlet-api/3.1.0/javax.servlet-api-3.1.0.pom ```xml CDDL + GPLv2 with classpath exception https://github.com/javaee/javax.annotation/blob/master/LICENSE repo A business-friendly OSS license ``` Details are here: https://github.com/CycloneDX/cyclonedx-gradle-plugin/issues/479
One way to fix https://github.com/DependencyTrack/dependency-track/issues/3834 and make `vulnerabilities` elements in BOMs and VEXs unique, is to make Vulnerability objects comparable to one another on a fields basis. To get this,...
Enables comparison of two Vulnerability objects by their fields' values. Implements #463