CycloneDX/cyclonedx-gomod

Issues

• GOEXPERIMENT environment variable is not used when calling go list

  #604 opened 2 months ago by TheRebelOfBabylon
  1

• Different naming of Golang standard library between trivy and cyclonedx-gomod

  #587 opened 2 months ago by beatrausch
  5

• GoReleaser issues (SBOM)

  #586 opened 2 months ago by jeeftor
  0

• Disable HTML escaping when output in JSON

  #555 opened 5 months ago by t-katsumura
  1

• update created tools section to v1.6

  #528 opened 6 months ago by bernhardreiter
  1

• Indirect dependencies not added BOM file while generation BOM using Cyclonedx

  #485 opened 10 months ago by super3programmer
  4

• stop creating an MD5 hash

  #529 opened 6 months ago by bernhardreiter
  0

• Incorrect version of xorm dependencies are reported in SBOM

  #518 opened 7 months ago by shusriva
  4

• Please update go version to 1.23.0

  #515 opened 7 months ago by andriiskripka
  0

• Display errors from go command

  #476 opened 10 months ago by victorc-cylus
  2

• Capture compiler information

  #128 opened 3 years ago by nscuro
  0

• Capture vendored modules in stdlib

  #132 opened 3 years ago by nscuro
  0

• `bin`: Support macOS universal binaries

  #120 opened 3 years ago by nscuro
  0

• cyclonedx-gomod:latest doesn't support go project with version 1.22 ?

  #439 opened a year ago by shubhit7
  1

• Module cloned with --shared fails version retrieval

  #436 opened a year ago by svenschwermer
  0

• Failed to load stdlib module when executing cyclonedx-gomod

  #423 opened a year ago by emacampolo
  3

• mod failed due to calculating has of non go file

  #201 opened 2 years ago by rucciva
  8

• Last repository tag picked over first reachable when determining version

  #419 opened a year ago by jxlambda
  3

• cyclonedx-gomod mod -licenses -json -output ./sbom.json 生成的许可证信息为什么是这种 "evidence": { "licenses": [ { "license": { "id": "MIT" } } ] }而不是 "licenses": [ { "license": { "id": "MIT" } } ]

  #398 opened a year ago by wujunhuge
  1

• Add license text and copyright to SBOM

  #392 opened a year ago by alex1891
  0

• I just want to plug in SBOM for my project, use cyclonedx-gomd command why download cyclonedx-go first, how to solve this problem

  #386 opened a year ago by monkeylijin
  3

• No Author information in SBOM

  #388 opened a year ago by CameronGo
  2

• 8:57PM ERR error="failed to convert modules: failed to calculate module hash: open /Makefile: no such file or directory"

  #381 opened a year ago by rangesh-gupta
  1

• Using the gh-gomod-generate-sbom action, fails when execution the "Cheap trick" gocmd.ModWhy call

  #230 opened 2 years ago by jeroendee
  8

• Support optional name input

  #328 opened 2 years ago by VinodAnandan
  0

• flag provided but not defined: -output-version

  #207 opened 2 years ago by nancheal
  2

• Can you please cut a new release?

  #281 opened 2 years ago by FrimIdan
  2

• Include OS and architecture in PURL qualifiers of main components

  #148 opened 2 years ago by nscuro
  0

• Support for non linux and amd64 for running unit test

  #252 opened 2 years ago by neilnaveen
  0

• GitHub API rate limit

  #221 opened 2 years ago by manuel-scharf-snkeos
  2

• Troubles to scan vendored private modules if there's no access to the private repository

  #206 opened 2 years ago by v0lkc
  1

• Missing dependencies (e.g. ghodss/yaml missing in kubernetes/apimachinery)

  #196 opened 3 years ago by albert0815
  2

• Generated BOM has incompatible '+'

  #186 opened 3 years ago by brianwilkinson
  1

• sign binaries and container images with cosign

  #152 opened 3 years ago by developer-guy
  1

• Remove dependency to `go-git`

  #100 opened 3 years ago by nscuro
  9

• Build container images for multiple Go versions

  #88 opened 3 years ago by nscuro
  1

• Investigate usage of `golang.org/x/tools/go/packages` for package loading

  #130 opened 3 years ago by nscuro
  1

• Capture file licenses

  #129 opened 3 years ago by nscuro
  0

• Output SBOMs conforming to CycloneDX spec v1.4

  #124 opened 3 years ago by nscuro
  0

• Decouple license detection

  #117 opened 3 years ago by nscuro
  0

• Question: make LoadModulesFromBinary public?

  #99 opened 3 years ago by imjasonh
  4

• Make building blocks importable.

  #108 opened 3 years ago by pbalogh-sa
  2

• `bin`: Support additional build info in binaries built with Go 1.18+

  #86 opened 3 years ago by nscuro
  3

• Include stdlib packages in application SBOM

  #84 opened 3 years ago by thediveo
  6

• Include packages in application SBOM

  #85 opened 3 years ago by nscuro
  0

• Add option to assert detected licenses

  #96 opened 3 years ago by nscuro
  0

• Introduce multi-platform image builds

  #87 opened 3 years ago by nscuro
  1

• Reference base images by their sha256 digest

  #89 opened 3 years ago by nscuro
  0

• license determination fails for dependency with version-embedding package import path

  #79 opened 4 years ago by thediveo
  2

• cyclonedx-gomod "DBG dependency not found ...", produces almost empty BOM

  #76 opened 4 years ago by thediveo
  3