This is a gh CLI extension that outputs JSON SBOMs (in SPDX or CycloneDX format) for your GitHub repository using information from Dependency graph. SPDX output uses the Dependency Graph SBOM API, ...
Problem overview. CycloneDX tools vary in their support for dependency graph information. For example, [email protected] supports it, while cyclonedx-node-module does not due to ...
Software bill-of-materials (SBOM) documents would be used in Python packages as a means to improve their “measurability” and to address the problem of “phantom dependencies” in Python ...
For example, there are often several vendor solutions for a given application. SBOM analysis can highlight which solutions are dependent on open-source components as well as dependencies.