sbom-tool
The SBOM tool is a highly scalable and enterprise ready tool to create SPDX 2.2 compatible SBOMs for any variety of artifacts.
Using the [spdx online tool](https://tools.spdx.org/app/validate/) to verify the generated spdx file has a warning: The referencecategory should be PACKAGE-MANAGER instead of PACKAGE_MANAGER.
Is there a way to filter out dependencies? In my case I want to include only production dependencies and opt out dev/stage dependencies. Is that a possible option? I believe...
https://github.com/search?q=repo%3Amicrosoft%2Fsbom-tool%20DropValidator&type=code
Add a timeout while calling the CD code so that we don't spend more than 6 minutes running their code and to prevent any hangs.
This PR adds new argument to provide supplier (organization) for generated SBOM. Remaining to-do: - [x] Add assembly attribute for supply parameter. - [x] Add associated tests. - [x] Update...
Make any changes in the IConfiguration.cs file, and that will trigger the gendocs build, however the build currently hangs without showing any error. Running locally on Ubuntu, the build fails...
I execute this command on Windows (doesn't matter if I use cmd or PowerShell): ``` C:\Temp\sbom-tool.exe generate -b "C:\src\core\Build\Service with spaces" -bc "C:\src\core\Solutions\service with spaces\src\" -pn "Foo bar services" -pv...
Hey there, I am working on generating an SBOM for a GitHub Action that sets up this SBOM-Tool in a convenient way (see: https://github.com/philips-software/sbom-tool-installer-action). After generating the SBOM, I noticed...