nigellh

Hi, I had the same issue, but created an Automator Workflow on the Mac. Then under Settings > General > Login Items added an Open at Login item that pointed...

Check that none of the packages have a blank name in the SBOM. "name": "", It will import the SBOM up until that point and then stop and no vulnerabilities...

@stevespringett That does depend on if you have Mend or you have only been provided with a mend output which is the case that we have. We work with customers...

``` /** * @license * Lodash * Copyright OpenJS Foundation and other contributors * Released under MIT license * Based on Underscore.js 1.8.3 * Copyright Jeremy Ashkenas, DocumentCloud and Investigative...

``` /** @license Apache License 2.0 https://github.com/ReactiveX/RxJS/blob/master/LICENSE.txt **/ /** @license Apache License 2.0 https://github.com/ReactiveX/RxJS/blob/master/LICENSE.txt **/ /* ``` And yes they were both at the top of a single file!

`/** @license URI.js v4.4.1 (c) 2011 Gary Court. License: http://github.com/garycourt/uri-js */` While the license isn't directly specified, LicenseScanner could capture it for further investigation

``` /** * @license * Copyright (c) 2014 The Polymer Project Authors. All rights reserved. * This code may only be used under the BSD style license found at http://polymer.github.io/LICENSE.txt...

FYI [kf-sbom-validation-report.txt](https://github.com/user-attachments/files/20011734/kf-sbom-validation-report.txt)

Hi Matt, no idea, that would take a legal opinion and it might vary from product to product on how it is used. Just need to make sure the SPDX...

[jqgrid_5.8.8_20250401_164415-collect-1-4-sbom.cdx.json.zip](https://github.com/user-attachments/files/20549293/jqgrid_5.8.8_20250401_164415-collect-1-4-sbom.cdx.json.zip) Hi Matt. Here is a scan of an open source package and I have dumped the SMAIL-GPL license against a few of the packages.