kubernetes-sigs/bom

Issues

• Path separator issue when pulling embedded license zip

  #460 opened 5 months ago by ohxeighty
  3

• bom will leave cloned modules in tmp

  #458 opened 5 months ago by puerco
  2

• Support for Generating an SBOM for the Entire Kubernetes Environment, Including Namespace, Pods, Services, Images and Network Policy Details

  #470 opened 4 months ago by RajikaJain
  1

• RPM Scanner does not work on layers where /var/lib/rpm is a symlink

  #368 opened 2 months ago by pnasrat
  13

• Push to github release

  #439 opened 2 months ago by puerco
  5

• Support for SBOMs in (signed) in-toto attestations

  #441 opened 2 months ago by puerco
  4

• Support reading/writing SBOMs from OCI registries

  #442 opened 2 months ago by puerco
  4

• Refactor internals to use protobom

  #440 opened 2 months ago by puerco
  4

• Record module version

  #438 opened 2 months ago by puerco
  4

• Incorrect detection of license per file

  #486 opened 2 months ago by kikofernandez
  0

• Replace `golang.org/x/tools/go/vcs`

  #338 opened a year ago by saschagrunert
  7

• SPDX relationships like `DEPENDENCY_OF` and `TEST_DEPENDENCY_OF` seem to be not supported

  #354 opened 8 months ago by maxhbr
  9

• Update asciinema tutorial to use mage not compile-release-tools

  #367 opened 9 months ago by pnasrat
  4

• SBOMs support dependency hierarchy for file systems and containers

  #251 opened 9 months ago by bardenstein
  13

• info? compare and contrast this project viz a viz anchore/syft

  #256 opened 10 months ago by rchincha
  5

• downloaded go modules are not being picked up by the go interpreter when bom generate runs

  #202 opened 10 months ago by sandipanpanda
  8

• typo maybe?

  #394 opened a year ago by SD-13
  3

• Provide support for CycloneDX

  #100 opened a year ago by VinodAnandan
  11

• Error on outlining if we use multiple directories with same go modules

  #187 opened a year ago by kranurag7
  7

• Release v0.5.1 of `bom generate` can panic while main has been fixed, could we get v0.5.2?

  #385 opened a year ago by mtardy
  5

• Support Go binaries in bom generate

  #347 opened a year ago by micahhausler
  2

• PackageFromDirectory segfault

  #308 opened a year ago by howardjohn
  2

• build a distroless base image to be used for bom based on apko and melange

  #137 opened 2 years ago by developer-guy
  24

• Add compose functionality

  #168 opened 2 years ago by ivanayov
  9

• Publish container image per release

  #171 opened 2 years ago by saschagrunert
  7

• Error When Installing With Published Command

  #214 opened 2 years ago by jspeed-meyers
  0

• [SPDX][TV/JSON] SBOM required field 'Creator' is missing/incorrect

  #235 opened 2 years ago by surendrapathak
  1

• SPDX2.2: bom generates SBOM with invalid value for packageVerificationCodeValue

  #230 opened 2 years ago by surendrapathak
  0

• Panic when building with both --image and --file

  #240 opened 2 years ago by jaevans
  3

• panic: interface conversion: name.Reference is name.Digest, not name.Tag

  #192 opened 2 years ago by aanm
  4

• Fatal on scanning a dir

  #182 opened 2 years ago by sbs2001
  8

• Don't use one HTTP request per license download

  #193 opened 2 years ago by sbs2001
  5

• Issues generating an sbom for a container tagged for AWS ECR on mac m1

  #178 opened 2 years ago by strongjz
  4

• PackageName includes version string

  #172 opened 2 years ago by anthonyharrison
  4

• Error When Creating SBOM for Image Specified with Digest

  #215 opened 2 years ago by jspeed-meyers
  2

• Allow to generate SBOM of specific SPDX version

  #165 opened 2 years ago by sbs2001
  4

• Include License List Version Field.

  #164 opened 2 years ago by sbs2001
  4

• Provide CPE as an external reference for detected packages

  #142 opened 2 years ago by sbs2001
  4

• Fix namespace in golang purls

  #169 opened 2 years ago by sbs2001
  0

• SPDX 2.3 Support

  #111 opened 2 years ago by puerco
  4

• generate/sign SBOM attestation files and attach them to container image with cosign

  #82 opened 2 years ago by developer-guy
  5

• Crash when scanning scan on image

  #148 opened 2 years ago by sbs2001
  1

• error during command execution:unknown command "0.11.2" for "ko"

  #151 opened 2 years ago by developer-guy
  0

• Multiarch images broken when generating sbom from local docker cache

  #134 opened 2 years ago by puerco
  0

• Docker image for `bom` is broken

  #135 opened 2 years ago by sbs2001
  1

• bom runtime error

  #127 opened 2 years ago by mdeicas
  2

• Replace `github.com/pkg/errors` dependency with native error wrapping

  #114 opened 3 years ago by saschagrunert
  5

• Weird timestamp format in SPDX document

  #98 opened 3 years ago by lumjjb
  4

• Support additional output formats for SPDX

  #103 opened 3 years ago by jdolitsky
  2

• Signatures verification fails due to lag in registry consitency

  #94 opened 3 years ago by puerco
  0