cyclonedx-linux-generator
Lockheed Martin developed utility to generate CycloneDX SBOMs for Linux distributions
I tried running the generator using the .sh script and as a java -jar file (SNAPSHOT-jar-with-dependencies). I included the error below (from .sh script logs), but I am running the...
Make the `purl` that is output align with what DependencyTrack expects. I understand this could potentially be breaking for those who expect the purl to be where the package was...
Bumps [junit-jupiter](https://github.com/junit-team/junit5) from 5.8.1 to 5.9.2. Release notes Sourced from junit-jupiter's releases. JUnit 5.9.2 = Platform 1.9.2 + Jupiter 5.9.2 + Vintage 5.9.2 See Release Notes. JUnit 5.9.1 = Platform...
Bumps [actions/checkout](https://github.com/actions/checkout) from 2.3.5 to 3.3.0. Release notes Sourced from actions/checkout's releases. v3.3.0 What's Changed Implement branch list using callbacks from exec function by @cory-miller in actions/checkout#1045 Add in explicit...
Running `mvn clean package` fails to resolve all dependencies.
```
Could not resolve dependencies for project org.cyclonedx.contrib.com.lmco.efoss.unix.sbom:linux-sbom-generator:jar:3.1.0-SNAPSHOT: Could not find artifact org.cyclonedx.contrib.com.lmco.efoss.sbom:sbom-commons:jar:1.2.0-SNAPSHOT in masergy-nexus-public-repository
```
Bumps [jackson-dataformat-xml](https://github.com/FasterXML/jackson-dataformat-xml) from 2.12.5 to 2.14.1. Commits f4ba621 [maven-release-plugin] prepare release jackson-dataformat-xml-2.14.1 8536b5e Prepare for 2.14.1 release 54a72b5 Add passing test for #547 e29a1dd Test renaming 077a9d9 Minor test clean...
In `RedHatSBomGenerator.java`, the method to get component purl is by parsing cmd output from `yumdownloader --urls "softwarename"`, which returns http url to download the rpm, but that's not purl. purl...
Bumps [actions/setup-java](https://github.com/actions/setup-java) from 2 to 3.5.1. Release notes Sourced from actions/setup-java's releases. v3.5.1 In scope of this release we change logic for Microsoft Build of OpenJDK. Previously it had hard...
Bumps log4j-core from 2.17.0 to 2.19.0. Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a...
Hello, if the system locale is different than en_US you get the internationalized output of apt, but the output is parsed based on the English words. Therefore the building of...