nigellh
Cannot find the equivalent after searching. We have to create reports on packages showing that the ones that have a problem due to the latest version making the current one...
Mend reports are a fairly standard JSON and actually have the necessary information in to create a valid CycloneDX JSON with valid Purls [demo_mend_ua.json.zip](https://github.com/CycloneDX/cyclonedx-cli/files/11703622/demo_mend_ua.json.zip) This is a sample one and...
It is a bit of guesswork to know what the columns are for a CSV to be able to create a valid SBOM. What I have done is...
I can create a CSV that the tool will convert into a valid SBOM and that will import into dependency track. Unfortunately, if it is just the name and version...
Many packages do not have the full license in the package and might just have the name of the license(s). LicenseScanner should still be able to pick these up. Sometimes...
This is complex and may well take time to flesh out and I will keep tweaking it as I keep thinking of things. Our understanding is that LS can also...
Hi, Apologies, no discussion tab so raising it as an issue. It could be that the name was 'corrected' in 1.1.0. In version 0.0.9 the top of the METADATA file...
### Current Behavior Please see https://github.com/DependencyTrack/dependency-track/issues/3938 Followed the instructions for starting a DT instance and it failed. This was due to docker-compose (with the '-') no longer being supported with...
I created a CDX 1.4 SBOM with the licenses for one package as GPL-2.0-or-later, SMAIL-GPL, public-domain. These were broken up correctly into their separate licenses in the SBOM, but on...
Unfortunately I cannot give the SBOM, but it would be pretty easy to create. I had an SBOM that would not load into Dependency Track with a Schema Validation error....