SBOM Ingestion
Franco Stramana edited this page Aug 18, 2023 · 2 revisions
To uncover potential compliance issues in your open source project, you can now attach an SBOM file that lists the components you don't want to see in the audit results.

The SBOM file can be in one of the following formats:

- CycloneDX https://cyclonedx.org/docs/1.5/json/
- SPDX https://spdx.github.io/spdx-spec/v2.3/
- Custom JSON format: see the example below
```json
{
  "components": [
    {
      "purl": "pkg:npm/firetool"
    },
    {
      "purl": "pkg:github/francostramana/firetools"
    }
  ]
}
```
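Because every component listed in the SBOM is hidden from the audit results, it is worth reviewing exactly which purls a file contributes before attaching it. The following is an added example, not the project's own code: it lists the purls found in any of the three formats and reports entries without a usable purl. The function names and the CycloneDX and SPDX samples are constructed; the field names assumed are `bomFormat` and `components[].purl` (CycloneDX, including nested `components`) and `spdxVersion` and `packages[].externalRefs[]` with `referenceType` `purl` (SPDX 2.3 JSON).

```python
import json
import re

# Minimal purl shape check: "pkg:" + type + "/" + name (version optional).
PURL_RE = re.compile(r"^pkg:[A-Za-z][A-Za-z0-9.+-]*/\S+$")

def _walk_components(components):
    """Yield each component's purl, including nested CycloneDX components."""
    for comp in components or []:
        yield comp.get("purl")
        yield from _walk_components(comp.get("components"))

def extract_purls(doc):
    """Return (format, sorted unique purls, entries without a usable purl)."""
    if "spdxVersion" in doc:
        fmt = "spdx"
        # SPDX 2.3 JSON stores purls as package external references.
        found = [ref.get("referenceLocator")
                 for pkg in doc.get("packages", [])
                 for ref in pkg.get("externalRefs", [])
                 if ref.get("referenceType") == "purl"]
    elif isinstance(doc.get("components"), list):
        # CycloneDX and the custom format both use components[].purl.
        fmt = "cyclonedx" if doc.get("bomFormat") == "CycloneDX" else "custom"
        found = list(_walk_components(doc["components"]))
    else:
        raise ValueError("unrecognised SBOM format")
    good, bad = set(), []
    for p in found:
        if isinstance(p, str) and PURL_RE.match(p):
            good.add(p)
        else:
            bad.append(p)
    return fmt, sorted(good), bad

# Sample inputs: CUSTOM is the example from this page, the others are constructed.
CUSTOM = json.loads('{"components": [{"purl": "pkg:npm/firetool"},'
                    ' {"purl": "pkg:github/francostramana/firetools"}]}')
CYCLONEDX = {"bomFormat": "CycloneDX", "specVersion": "1.5", "components": [
    {"type": "library", "name": "firetool", "purl": "pkg:npm/firetool@1.0.0",
     "components": [{"type": "library", "name": "inner", "purl": "not-a-purl"}]}]}
SPDX = {"spdxVersion": "SPDX-2.3", "packages": [{"name": "firetool", "externalRefs": [
    {"referenceType": "purl", "referenceLocator": "pkg:npm/firetool@1.0.0"},
    {"referenceType": "npm", "referenceLocator": "firetool@1.0.0"}]}]}

if __name__ == "__main__":
    for doc in (CUSTOM, CYCLONEDX, SPDX):
        print(*extract_purls(doc), sep=" | ")
```

Note that the purls in the custom example above carry no version, so a reviewer should confirm that excluding every version of those components is intended.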