POM/Maven scanning capability
nhopkins19 opened this issue · 2 comments
nhopkins19 commented
Could we potentially add the ability for Bomber to scan POM (Maven) files, and if so, what would be needed to accomplish this?
Maybe we could create a wrapper for his Maven POM parser:
nhopkins19 commented
@djschleen Let me know what you think
djschleen commented
Hey @nhopkins19 - use Syft or another SBOM generator to create the SBOM, and then bomber will scan it for vulnerabilities.