Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Enrich an SBOM using OSSF Security Score Card #598

Open
4 tasks
AyanSinhaMahapatra opened this issue Feb 8, 2023 · 3 comments · May be fixed by #1294
Open
4 tasks

Enrich an SBOM using OSSF Security Score Card #598

AyanSinhaMahapatra opened this issue Feb 8, 2023 · 3 comments · May be fixed by #1294
Assignees

Comments

@AyanSinhaMahapatra
Copy link
Member

AyanSinhaMahapatra commented Feb 8, 2023

From @pombredanne

We already have SBOM export (and import) options in scancode.io supporting SPDX and CycloneDX
SBOMs, and we can enrich this data using the public https://github.com/ossf/scorecard#public-data
or the RestAPI at: https://api.securityscorecards.dev/.

@tdruez
Copy link
Contributor

tdruez commented Feb 15, 2023

We should implement this as a new pipeline. The enrich data can be included in the exports when available.

@rabajaj0509
Copy link

I am interested to work on this issue as part of the GSoC program 2023, how can I get more involved in the project?

@tdruez
Copy link
Contributor

tdruez commented Feb 16, 2023

404-geek referenced this issue in 404-geek/scancode.io Jun 26, 2024
developed functions to check for availability nexB#598

Signed-off-by: 404-geek <pranayd61@gmail.com>
404-geek referenced this issue in 404-geek/scancode.io Jun 26, 2024
Signed-off-by: 404-geek <pranayd61@gmail.com>
404-geek referenced this issue in 404-geek/scancode.io Jun 26, 2024
Signed-off-by: 404-geek <pranayd61@gmail.com>
404-geek referenced this issue in 404-geek/scancode.io Jul 7, 2024
… nexB#598

Signed-off-by: 404-geek <pranayd61@gmail.com>
@404-geek 404-geek linked a pull request Jul 26, 2024 that will close this issue
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

4 participants