-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(sbom): add vulnerability support for SPDX formats #7213
feat(sbom): add vulnerability support for SPDX formats #7213
Conversation
@goneall Does it meet your requirements? Please feel free to point it out if we're missing something. |
Yes - that meets the requirements. Thanks! |
pkg/sbom/spdx/marshal.go
Outdated
@@ -184,6 +193,9 @@ func (m *Marshaler) Marshal(ctx context.Context, bom *core.BOM) (*spdx.Document, | |||
relationShips = append(relationShips, m.spdxRelationShip(refA, refB, m.spdxRelationshipType(rel.Type))) | |||
} | |||
} | |||
|
|||
bom.Vulnerabilities() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What is this for?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
hmm... Maybe I was checking something and forgot to delete it.
Thanks. Removed in b1ca52e
Description
SPDX v2.3 uses
externalRefs
for advisories (spdx-example).See #6308 for more details
example:
Related issues
Checklist