Include CVEs (vulnerabilities) into the SBOM #640
gypsilonAdmin
started this conversation in
Ideas
Replies: 0 comments
Hi all
Thanks for your great work. With the Cyber Resilience Act (CRA) in front of us, I highly appreciate your SBOM generator :)
I was looking for a visualization tool for SBOMs and found "https://cyclonedx.github.io/Sunshine/".
The interface of "Sunshine" makes me think that a CycloneDX SBOM may hold, aside from the bill-of-material information, also vulnerability information for the included libraries.
Currently I am using the OWASP dependency-check Maven plugin for vulnerability reporting. Wouldn't it be cool if the two plugins would cooperate and the CVEs would be included in the SBOM you produce?
Just a suggestion ;)