
Enrich an SBOM using OSSF Security Score Card

Open AyanSinhaMahapatra opened this issue 2 years ago • 3 comments

From @pombredanne

We already have SBOM export (and import) options in scancode.io supporting SPDX and CycloneDX SBOMs, and we can enrich this data using the public https://github.com/ossf/scorecard#public-data or the REST API at: https://api.securityscorecards.dev/.

  • [ ] #1282
  • [ ] #1283
  • [ ] #1284
  • [ ] #1285

AyanSinhaMahapatra avatar Feb 08 '23 13:02 AyanSinhaMahapatra
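The enrichment described in the issue, as an added example that is not scancode.io code or part of the OSSF Scorecard project: it walks the components of a CycloneDX JSON SBOM, derives a `github.com/<org>/<repo>` path from a GitHub purl or a `vcs` external reference, looks up the Scorecard result for that repository and records the aggregate score and per-check scores as CycloneDX `properties`. The SBOM and the Scorecard responses are constructed inline so the script runs offline; `fetch_scorecard` is an offline stand-in for `GET https://api.securityscorecards.dev/projects/<repo>`, and the `ossf-scorecard:*` property names are an assumption for this example, not a CycloneDX or Scorecard convention. Components with no resolvable repository, or no Scorecard entry, are left untouched so a partial enrichment never corrupts the export.

```python
"""Enrich a CycloneDX SBOM with OSSF Scorecard results (added example)."""
import json
import re
from typing import Callable, Optional

# Constructed sample SBOM (CycloneDX 1.4 JSON, trimmed to what matters here).
SAMPLE_SBOM = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "name": "requests", "version": "2.31.0",
         "purl": "pkg:pypi/requests@2.31.0",
         "externalReferences": [
             {"type": "vcs", "url": "https://github.com/psf/requests"}]},
        {"type": "library", "name": "scorecard", "version": "4.10.2",
         "purl": "pkg:github/ossf/scorecard@4.10.2"},
        {"type": "library", "name": "left-pad", "version": "1.3.0",
         "purl": "pkg:npm/left-pad@1.3.0"},  # no repo info: stays untouched
    ],
}

# Constructed Scorecard API responses keyed by repo path. The shape
# (date / repo.name / score / checks[].name,score) follows the public API.
SAMPLE_SCORECARDS = {
    "github.com/psf/requests": {
        "date": "2023-02-01", "repo": {"name": "github.com/psf/requests"},
        "score": 6.8,
        "checks": [{"name": "Maintained", "score": 10},
                   {"name": "Pinned-Dependencies", "score": 3}],
    },
    "github.com/ossf/scorecard": {
        "date": "2023-02-01", "repo": {"name": "github.com/ossf/scorecard"},
        "score": 9.2,
        "checks": [{"name": "Maintained", "score": 10},
                   {"name": "Signed-Releases", "score": 8}],
    },
}

GITHUB_PURL = re.compile(r"^pkg:github/([^/@]+)/([^/@]+)")
GITHUB_URL = re.compile(r"^https?://github\.com/([^/]+)/([^/#?]+?)(?:\.git)?/?$")


def repo_path(component: dict) -> Optional[str]:
    """Return 'github.com/<org>/<repo>' for a component, or None.

    Scorecard scores source repositories, not package names, so we look
    for a GitHub purl first and then for a CycloneDX 'vcs' reference.
    """
    m = GITHUB_PURL.match(component.get("purl", ""))
    if m:
        return f"github.com/{m.group(1)}/{m.group(2)}"
    for ref in component.get("externalReferences", []):
        if ref.get("type") == "vcs":
            m = GITHUB_URL.match(ref.get("url", ""))
            if m:
                return f"github.com/{m.group(1)}/{m.group(2)}"
    return None


def fetch_scorecard(repo: str) -> Optional[dict]:
    """Offline stand-in for GET https://api.securityscorecards.dev/projects/{repo}."""
    return SAMPLE_SCORECARDS.get(repo)


def enrich_sbom(sbom: dict,
                fetch: Callable[[str], Optional[dict]] = fetch_scorecard) -> dict:
    """Attach Scorecard results as CycloneDX 'properties' on each component.

    Property names are an assumption of this example. Components without a
    resolvable repo or without a Scorecard entry are returned unchanged.
    """
    enriched = json.loads(json.dumps(sbom))  # deep copy; never mutate the input
    for comp in enriched.get("components", []):
        repo = repo_path(comp)
        card = fetch(repo) if repo else None
        if not card:
            continue
        props = comp.setdefault("properties", [])
        props.append({"name": "ossf-scorecard:repo", "value": card["repo"]["name"]})
        props.append({"name": "ossf-scorecard:score", "value": str(card["score"])})
        props.append({"name": "ossf-scorecard:date", "value": card["date"]})
        for check in card.get("checks", []):
            props.append({"name": f"ossf-scorecard:check:{check['name']}",
                          "value": str(check["score"])})
    return enriched


def score_of(sbom: dict, name: str) -> Optional[float]:
    """Look up the aggregate Scorecard score recorded for a component, if any."""
    for comp in sbom.get("components", []):
        if comp["name"] == name:
            for prop in comp.get("properties", []):
                if prop["name"] == "ossf-scorecard:score":
                    return float(prop["value"])
    return None


if __name__ == "__main__":
    print(json.dumps(enrich_sbom(SAMPLE_SBOM), indent=2))
```

Swapping `fetch_scorecard` for a real HTTP client (or for a reader over the published BigQuery dataset) is the only change needed for a live run; keeping the fetcher injectable also makes the pipeline step testable without network access.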

We should implement this as a new pipeline. The enriched data can be included in the exports when available.

tdruez avatar Feb 15 '23 08:02 tdruez

I am interested in working on this issue as part of the GSoC program 2023; how can I get more involved in the project?

rabajaj0509 avatar Feb 15 '23 15:02 rabajaj0509

@rabajaj0509 https://scancodeio.readthedocs.io/en/latest/contributing.html is a good start.

tdruez avatar Feb 16 '23 09:02 tdruez