advanced-security / crypto-bill-of-materials-data
Generate a Crypto Bill of Materials using CodeQL
License: MIT License
Hi,
The way information on the project being scanned is presented in the SARIF output is inconsistent with the format used in the MRVA repo. This is causing an issue when generating a CBOM from the output, as the parser expects to be able to extract an identifier for the project.
This Repo
The project name is extractable only from the automationDetails key:
    "automationDetails": {
        "id": "PQC:curzona/pytest-xdist/python/"
    }
MRVA Repo
The project name is extractable only from the versionControlProvenance key:
    "versionControlProvenance": [
        {
            "repositoryUri": "https://github.com/MaterializeInc/materialize",
            "revisionId": "0f612c8e670f07ccfbfc40f72ca2b3f3a3c0a485"
        }
    ]
Please could we get clarification on how project information will be reported in the SARIF output going forwards, so that the parser can read the output accordingly?
Thanks
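A CBOM parser can tolerate both layouts by resolving the project identifier per SARIF run. The following is an added example, not code from this repository or from the issue author. The function names are hypothetical, and the `automationDetails.id` layout `<category>:<owner>/<repo>/<language>/` is an assumption inferred from the single sample quoted above.

```python
import json
from urllib.parse import urlparse

# Constructed SARIF fragments built from the two snippets quoted in the issue.
SARIF_THIS_REPO = json.loads("""{"runs": [{"automationDetails":
  {"id": "PQC:curzona/pytest-xdist/python/"}}]}""")
SARIF_MRVA = json.loads("""{"runs": [{"versionControlProvenance": [{
  "repositoryUri": "https://github.com/MaterializeInc/materialize",
  "revisionId": "0f612c8e670f07ccfbfc40f72ca2b3f3a3c0a485"}]}]}""")


def project_from_run(run):
    """Return {'project', 'revision', 'source'} for one SARIF run, or None."""
    # Prefer versionControlProvenance: it carries an explicit URI and revision.
    for vcp in run.get("versionControlProvenance") or []:
        uri = vcp.get("repositoryUri")
        if not uri:
            continue
        path = urlparse(uri).path.strip("/")
        if path.endswith(".git"):
            path = path[:-4]
        if path:
            return {"project": path, "revision": vcp.get("revisionId"),
                    "source": "versionControlProvenance"}
    # Fall back to automationDetails.id. Assumed layout, inferred from the one
    # sample in the issue: "<category>:<owner>/<repo>/<language>/".
    auto_id = (run.get("automationDetails") or {}).get("id") or ""
    _, sep, rest = auto_id.partition(":")
    parts = [p for p in (rest if sep else auto_id).split("/") if p]
    if len(parts) >= 2:
        return {"project": "/".join(parts[:2]), "revision": None,
                "source": "automationDetails"}
    return None


def projects(sarif):
    """Resolve every run; fail loudly rather than emit an unlabelled CBOM entry."""
    out = []
    for i, run in enumerate(sarif.get("runs", [])):
        info = project_from_run(run)
        if info is None:
            raise ValueError(f"run {i}: no project identifier found")
        out.append(info)
    return out
```

Only the `versionControlProvenance` form yields a revision, so CBOM entries resolved from `automationDetails` cannot be pinned to a commit.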