Update SBOMs for proton-bridge #9

nscuro · 2021-05-16T13:57:49Z

As of cyclonedx-gomod v0.6.0, generated SBOMs include license information. I also added SBOMs for another version of proton-bridge to address #5.

stevespringett · 2021-05-16T14:09:23Z

Looks like the SBOMs are invalid. A license can be either a resolved SPDX license ID or an unresolved license name, but not both.

Refer to

identified here: CycloneDX/bom-examples#9 (comment) also added a validation step to the `bom` target in Makefile, so issues like that are discovered in CI. Signed-off-by: nscuro <[email protected]>

nscuro · 2021-05-16T14:59:37Z

Thanks for pointing that out @stevespringett. I created a fix and will update this PR once GitHub Actions is working again.

Signed-off-by: nscuro <[email protected]>

nscuro · 2021-05-16T15:19:49Z

SBOMs have been regenerated with v0.6.1 of cyclonedx-gomod, which includes a fix for the issue. All SBOMs have been validated using the CDX CLI.

stevespringett · 2021-05-16T21:00:40Z

Thanks @nscuro. Validated all four. Looks good and thanks for the PR.

update SBOMs for proton-bridge; include two versions (addresses Cyclo…

193ab2c

…neDX#5) Signed-off-by: nscuro <[email protected]>

fix invalid license elements in proton-bridge examples

30db4e6

Signed-off-by: nscuro <[email protected]>

stevespringett merged commit b338b2a into CycloneDX:master May 16, 2021

nscuro deleted the update-proton-bridge-examples branch May 16, 2021 21:19

stevespringett added a commit that referenced this pull request Mar 14, 2022

Added CISA VEX use case #9

a98ea4a

Provide feedback