PackageName: Spellchecker of Yendor
SPDXID: SPDXRef-Package-Yendor
PackageVersion: v3.5-beta2
PackageSupplier: Person: Wizard of Yendor
FilesAnalyzed: false
PackageDownloadLocation: NOASSERTION
Relationship: SPDXRef-Package-Frobozz CONTAINS SPDXRef-Package-Yendor

You can follow the given link for more ...
mvn org.cyclonedx:cyclonedx-maven-plugin:makeAggregateBom

This command generates an SBOM for a Maven project that includes transitive (indirect) dependencies and, by default, writes it to target/bom.json. The first time I ran it, it took more than 5 minutes; once the dependencies had already been pulled into the local repository it took 13 seconds. In a CI/CD pipeline that already builds the artifact, generating the SBOM should therefore be very fast, since the dependency resolution has already been paid for by the build.
"component":{"type":"library","bom-ref":"pkg:pypi/fastapi@0.103.1","name":"fastapi","version":"0.103.1","description":"FastAPI is a modern, fast (high-performance), web framework for building APIs with Python 3.7+ based on standard Python type hints.","licenses":[{"license":{"id...
    Library, 'myComponentA',
)
bom.components.add(componentA)
bom.metadata.component.dependencies.add(componentA.bomRef)

API documentation

We ship annotated type definitions, so that your IDE and tools may pick up the documentation when you use this library downstream. There are also pre-rendered ...
bomRef = pkg.id.toCoordinates() group = pkg.id.namespace name = pkg.id.name version = pkg.id.version description = pkg.description bomRef = pkg.id.toCoordinates() // TODO: Map package-manager-specific OPTIONAL scopes. scope = if (input.ortResult.isExcluded(pkg.id)) { @@ -119,9 ...
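Review bot: `bomRef = pkg.id.toCoordinates()` appears twice in this hunk, once ahead of `group = pkg.id.namespace` and again just before the `// TODO: Map package-manager-specific OPTIONAL scopes.` comment; if both lines survive the change the second assignment is redundant and one should be dropped, and if the hunk is moving the line next to the `scope` computation, a one-line note in the commit message saying so would save the next reader the same double-take. The TODO also means `scope` is currently derived only from `input.ortResult.isExcluded(pkg.id)`, so consumers of the BOM cannot tell an excluded package from an optional one; either resolve the TODO here or document that limitation where the reporter's output is described.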
"bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", "version": 1, "metadata": { "component": { "type": "application", "bom-ref": "acme-application", "name": "Acme Application", "version": "1.0" } }, "compon...
amazon:inspector:sbom_scanner:fixed_version:component_bom_ref
    Provides the fixed version of the indicated component for the given vulnerability.
amazon:inspector:sbom_scanner:high_vulnerabilities
    Count of the total number of high severity vulnerabilities found in the SBOM.
amazon:inspector:sbom_scanner:info
    For the specified component, the scan ...
Currently a component in the CycloneDX report looks something like this:

{
  "name": "GitPython",
  "version": "3.1.43",
  "purl": "pkg:pypi/GitPython@3.1.43",
  "type": "library",
  "bom-ref": "pkg:pypi/GitPython@3.1.43",
  "properties": [
    {"name": "reachability", "value": "not_available"}
  ]
}
amazon:inspector:sbom_scanner:fixed_version:component_bom_ref
    Provides the fixed version of the indicated component for the given vulnerability.
amazon:inspector:sbom_scanner:high_vulnerabilities
    Count of the total number of high severity vulnerabilities found in the SBOM.
amazon:inspector:sbom_scanner:...
"component": {
  "bom-ref": "67aed86799793a90",
  "type": "file",
  "name": "/home/downloads"
}

I think this could probably check for the CycloneDX component type being only those appropriate to create packages. My feeling, looking at the list, is that this would include: application, ...
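The fragments above show three things a consumer of a CycloneDX document has to deal with: the metadata.component root plus a components array (the 1.6 document), a dependencies graph that carries the transitive dependencies the Maven plugin resolves, and components whose type (here "file") may not be what a package scanner wants. The following is an added example, not code from the page, from Amazon Inspector, syft or any CycloneDX project: it parses a constructed CycloneDX 1.6 JSON document with only the Python standard library, flags component types outside the spec's enumeration and dependency references that point at no declared component, walks the graph breadth-first to list everything the root transitively depends on, and filters components down to a package-like subset. PACKAGE_LIKE_TYPES is an assumption made for illustration; the specification defines no such subset, and the sample BOM is fabricated for the example.

```python
"""Lint a CycloneDX JSON BOM and walk its dependency graph.

Added example (not the page's or any CycloneDX project's code); the sample
document below is constructed for this example and is not a real SBOM.
"""
import json
from collections import deque

# Component types enumerated by the CycloneDX 1.6 schema.
CDX_COMPONENT_TYPES = frozenset({
    "application", "framework", "library", "container", "platform",
    "operating-system", "device", "device-driver", "firmware", "file",
    "machine-learning-model", "data", "cryptographic-asset",
})

# Assumption for this example only: the types a scanner would turn into
# "packages". The spec defines no such subset.
PACKAGE_LIKE_TYPES = frozenset({
    "application", "framework", "library", "container",
    "operating-system", "firmware",
})

# Constructed sample: one unknown type, one "file" component and one dangling
# dependency reference, so the lint below has something to report.
SAMPLE_BOM = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.6", "version": 1,
    "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
    "metadata": {"component": {"type": "application", "bom-ref": "acme-application",
                               "name": "Acme Application", "version": "1.0"}},
    "components": [
        {"type": "library", "bom-ref": "pkg:pypi/fastapi@0.103.1", "name": "fastapi",
         "version": "0.103.1", "purl": "pkg:pypi/fastapi@0.103.1"},
        {"type": "library", "bom-ref": "pkg:pypi/starlette@0.27.0", "name": "starlette",
         "version": "0.27.0", "purl": "pkg:pypi/starlette@0.27.0"},
        {"type": "library", "bom-ref": "pkg:pypi/anyio@3.7.1", "name": "anyio",
         "version": "3.7.1", "purl": "pkg:pypi/anyio@3.7.1"},
        {"type": "file", "bom-ref": "67aed86799793a90", "name": "/home/downloads"},
        {"type": "widget", "bom-ref": "bad-type", "name": "mystery"},
    ],
    "dependencies": [
        {"ref": "acme-application",
         "dependsOn": ["pkg:pypi/fastapi@0.103.1", "67aed86799793a90"]},
        {"ref": "pkg:pypi/fastapi@0.103.1", "dependsOn": ["pkg:pypi/starlette@0.27.0"]},
        {"ref": "pkg:pypi/starlette@0.27.0", "dependsOn": ["pkg:pypi/anyio@3.7.1"]},
        {"ref": "pkg:pypi/anyio@3.7.1", "dependsOn": ["pkg:pypi/missing@1.0"]},
    ],
})


def load_bom(text):
    """Parse JSON text and refuse anything that is not a CycloneDX document."""
    bom = json.loads(text)
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    return bom


def index_components(bom):
    """Map bom-ref -> component, root (metadata.component) included."""
    root = bom.get("metadata", {}).get("component")
    refs = {}
    for comp in ([root] if root else []) + bom.get("components", []):
        ref = comp.get("bom-ref")
        if ref is None:
            continue  # bom-ref is optional; such components cannot be depended on
        if ref in refs:
            raise ValueError(f"duplicate bom-ref: {ref}")
        refs[ref] = comp
    return refs


def dependency_graph(bom):
    """Adjacency map ref -> set of dependsOn refs from the dependencies array."""
    graph = {}
    for dep in bom.get("dependencies", []):
        graph.setdefault(dep["ref"], set()).update(dep.get("dependsOn", []))
    return graph


def lint_bom(bom):
    """Findings: unknown component types and dependency refs that resolve to nothing."""
    findings = []
    refs = index_components(bom)
    for ref, comp in refs.items():
        if comp.get("type") not in CDX_COMPONENT_TYPES:
            findings.append(f"{ref}: unknown component type {comp.get('type')!r}")
    for src, targets in dependency_graph(bom).items():
        if src not in refs:
            findings.append(f"dependency source {src!r} is not a declared component")
        for target in sorted(targets):
            if target not in refs:
                findings.append(f"{src} depends on undeclared ref {target!r}")
    return findings


def transitive_dependencies(bom, ref):
    """All refs reachable from ref through dependsOn edges (breadth-first)."""
    graph = dependency_graph(bom)
    seen, queue = set(), deque(graph.get(ref, ()))
    while queue:
        cur = queue.popleft()
        if cur not in seen:
            seen.add(cur)
            queue.extend(graph.get(cur, ()))
    return seen


def package_components(bom):
    """Components whose type is in PACKAGE_LIKE_TYPES, in document order."""
    return [c for c in bom.get("components", []) if c.get("type") in PACKAGE_LIKE_TYPES]


if __name__ == "__main__":
    bom = load_bom(SAMPLE_BOM)
    for finding in lint_bom(bom):
        print("FINDING:", finding)
    root_ref = bom["metadata"]["component"]["bom-ref"]
    print(root_ref, "transitively depends on", sorted(transitive_dependencies(bom, root_ref)))
    print("package-like:", [c["name"] for c in package_components(bom)])
```

On the sample, the lint reports the "widget" type and the reference to pkg:pypi/missing@1.0, while the "file" component passes the type check but is dropped by package_components, which is the filter the issue comment above is asking for. A dangling ref is worth treating as an error rather than a warning: a vulnerability scanner that matches on bom-ref or purl will silently report nothing for a dependency the BOM names but never describes.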