Steve Springett

Results 666 comments of Steve Springett

In typical CDX fashion, we will try to target v1.5 of a Q1 2023 release. Therefore, there's some time to flush this out and support as many use cases as...

Thanks @brianf. Few questions...
* Is the binary fingerprint reproducible from external tools? If so, can you provide a pointer on where we can find more information?
* Would it...

use the self-hosted schemas if you want. I was doing it at a time when lots of other activity was happening in that repo - so I was constantly running...

Semi-related is a new OWASP Top 10 project for low-code https://owasp.org/www-project-top-10-low-code-no-code-security-risks/

Possibly reach out to https://www.prophecy.io/ as they have a low code platform and a COSS model.

@psiinon, is this something you'd be interested in providing feedback on? The general idea is to enhance existing support for specifying vulnerabilities in CycloneDX which is defined here: https://cyclonedx.org/docs/1.4/json/#vulnerabilities Vulnerabilities...

Fantastic. Thanks @psiinon. We don't have anything just yet, but here's a question... Does something already exist that we can build upon or incorporate in some way?

Hi Gareth. Yes, there are plans to port the vulnerability extension to JSON. The vulnerability extension predates CycloneDX v1.2, and therefore JSON support. The porting of the extension to JSON...

Looks like the website has a few minor navigation issues I need to look at, but wanted to point you to https://cyclonedx.org/ext/vulnerability/ as well.

I don't think moving this into a build process is something that would be possible coming from CycloneDX. If today, there are the four extensions available in JSON, and each...