Skip to content

v7.1.2a
Compare
Choose a tag to compare
@dlg1206 dlg1206 released this 01 Aug 14:24
· 3548 commits to main since this release
v7.1.2a
fa42585
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

v7.1.2a

First stable release of the SBOM Visualization and Integration Platform. The full changelog can be found here

  • Open Source Integrated SBOM Generation: Makes use of open source SBOM Generator Tools to generate SBOMs
  • SBOM Generation: Custom SBOM generation via source file and package manager file analysis
  • Vulnerability Exploitability eXchange (VEX) Generation: Generate VEX documents from SBOMs
  • SBOM Metrics: Grade SBOMs using a series of metric tests
  • SBOM Comparison: Compare SBOMs to identify key differences between them
  • SBOM Merging: Merge SBOMs into a single unified document

Known Issues

  • SBOM Generation with the API is semi-unstable
  • Serialization and Deserialization of SBOMs are still in early development stages and occasionally have translation errors
  • OSI Container rarely but occasionally fails to run startup script
  • OSI XML Support is deprecated

Comments

The CI/CD SBOMs generated on release do not arcuately represent SVIP. This is a known issue, the CI/CD SBOM generator includes component information from test SBOMs that are unrelated to SVIP. Please disregard any data originated from any test/resources directory

Assets 4
Loading