CycloneDX SBOM Spec

@CycloneDX_Spec

Open source Software Bill-of-Material (SBOM) specification that is lightweight and security focused

Joined: June 2017.

  1. ProTip: Generating CycloneDX BOMs is built in to Nexus IQ v70 or higher.

  2. Do you use CycloneDX? If so, what use-cases does it solve today and what use-cases will it solve for you in the future? Please let Duncan know in this thread. The work he (and others) are doing is important for the continued adoption of

  3. Just released: CycloneDX RubyGem v1.1.0. This is the first version to be published to . This gem creates CycloneDX BOMs from Ruby projects.

  4. Now in Beta: CycloneDX Rust (Cargo) Plugin. Rust projects can now generate CycloneDX BOMs from their Cargo projects. Feedback welcome. Pull requests encouraged.

  5. Just Released - CycloneDX Module v1.0.0 After a year of production quality betas, v1.0.0 has finally arrived. New in this version is support for CycloneDX v1.1 (by default), license enhancements, and lots of smaller bug fixes. npm install -g @cyclonedx/bom

  6. Just Released - CycloneDX Gradle Plugin v1.0.0 This plugin allows projects to automatically generate a CycloneDX v1.1 from their projects. This is the initial release. Feedback welcome.

  7. CycloneDX SBOM format will soon be available for JSON. Utilizing JSON Schema draft-7, the JSON format closely resembles the XML format we all know - only optimized for JSON. Public drafts will be published in the coming weeks. Stay tuned.

  8. When evaluating Software Composition Analysis () tools, inquire about their support for Software Bill-of-Materials (). CycloneDX is ideal in high-velocity environments and third-party due diligence for vulnerability, license, and other supply chain risk analysis

  9. CycloneDX BOM schema v1.1-DRAFT-2 has been published. This draft supports SPDX expressions, license text and URL, and has minor corrections. There will be a final draft next week followed in the release on March 1.

  10. We’re happy to announce that CycloneDX schema v1.1-DRAFT-1 is available for preview. Includes support for documenting component pedigree, external references, file-type components, and optionally applying XML Signature. See for links and details.

  11. We’ve just released a .NET Core global tool to generate CycloneDX bill-of-material documents for projects.

  12. The project is looking for volunteers to assist with the creation of native build plugins, specifically , , and . Spec is easy to understand so impl should not be difficult.

  13. CycloneDX Maven Plugin v1.1.0 released. Create bill-of-materials from Maven projects. Thanks to Jonas Arnold Clasen for the new aggregate functionality. Also released v1.0.0 of a core Java module to programmatically create and validate BoMs.
