From 6211c9f808c934e2f77abb5e13945f6ce339eb8a Mon Sep 17 00:00:00 2001
From: Ryan Mast
Date: Fri, 22 Dec 2023 18:06:50 -0800
Subject: [PATCH 1/8] Add Surfactant to tools list
Signed-off-by: Ryan Mast
---
 _data/tools.yml | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/_data/tools.yml b/_data/tools.yml
index 3fc7d86..8655ee6 100644
--- a/_data/tools.yml
+++ b/_data/tools.yml
@@ -1836,3 +1836,12 @@
 - opensource
 - build-integration
 - github-action
+- name: Surfactant
+ publisher: LLNL
+ description: A modular framework for extracting file information and relationships for filesystems, with an SBOM as the primary output. Also supports limited SBOM merging, editing, and conversion between formats. Several of the supported file types include PE (both native and .NET), ELF, and MSI files.
+ repoUrl: https://github.com/LLNL/Surfactant
+ websiteUrl: https://github.com/LLNL/Surfactant
+ categories:
+ - opensource
+ - transform
+ - library
From 16b4c95a5915df4552b7a259336cf105257fa0cf Mon Sep 17 00:00:00 2001
From: idonders-secpat <123497194+idonders-secpat@users.noreply.github.com>
Date: Fri, 19 Apr 2024 11:50:39 +0200
Subject: [PATCH 2/8] Add SUM Platform to tools list
Signed-off-by: idonders-secpat <123497194+idonders-secpat@users.noreply.github.com>
---
 _data/tools.yml | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/_data/tools.yml b/_data/tools.yml
index 9524260..6def064 100644
--- a/_data/tools.yml
+++ b/_data/tools.yml
@@ -1868,3 +1868,11 @@
 - opensource
 - analysis
 - distribution
+- name: SUM Platform
+ publisher: Security Pattern
+ description: SBOM management and vulnerability monitoring platform for IoT and embedded systems. Show compliance to regulations and standards and manage risk across the entire product lifecycle.
+ websiteUrl: https://www.securitypattern.com/sumplatform
+ categories:
+ - proprietary
+ - analysis
+ - build-integration
From 96c9a03850409c7e96260070718424897ed4c94c Mon Sep 17 00:00:00 2001
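Review bot: The SUM Platform entry is appended after `- distribution` at line 1868 of base blob `9524260`, and the SettleTop, rollup-plugin-sbom and Product Security Hub hunks (patches 4, 5 and 6) append at exactly the same spot against the same base, so only the first of the four applies cleanly and the rest need a rebase onto the growing list before the series can be merged. The entry itself has no `repoUrl`, which is consistent with the `proprietary` category; whether `build-integration` fits a management and monitoring platform cannot be judged from the description and is worth confirming with the submitter.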
From: coderpatros
Date: Sun, 28 Apr 2024 00:20:26 +0000
Subject: [PATCH 3/8] Update contributors
---
 about/working-groups/working-groups.json | 28 ++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
diff --git a/about/working-groups/working-groups.json b/about/working-groups/working-groups.json
index 91f5ec6..be21e68 100644
--- a/about/working-groups/working-groups.json
+++ b/about/working-groups/working-groups.json
@@ -4404,5 +4404,33 @@
 "categories": [
 "contributors"
 ]
+ },
+ {
+ "displayName": "zkstchhh",
+ "lastName": "zkstchhh",
+ "headshot": "https://avatars.githubusercontent.com/u/165038306?v=4",
+ "organization": null,
+ "description": null,
+ "twitter": null,
+ "linkedin": null,
+ "github": "zkstchhh",
+ "homepage": "https://github.com/zkstchhh",
+ "categories": [
+ "contributors"
+ ]
+ },
+ {
+ "displayName": "XSpielinbox",
+ "lastName": "xspielinbox",
+ "headshot": "https://avatars.githubusercontent.com/u/55600187?v=4",
+ "organization": null,
+ "description": null,
+ "twitter": null,
+ "linkedin": null,
+ "github": "XSpielinbox",
+ "homepage": "https://github.com/XSpielinbox",
+ "categories": [
+ "contributors"
+ ]
 }
 ]
\ No newline at end of file
From 60b4fe358cae99b071939fb35f15be5501c5816b Mon Sep 17 00:00:00 2001
From: settletop-niles <124741485+settletop-niles@users.noreply.github.com>
Date: Wed, 1 May 2024 08:40:23 -0400
Subject: [PATCH 4/8] Add SettleTop tooling to tools.yml
Add SettleTop's SBOM Vendor Management to the tools.yml file
Signed-off-by: settletop-niles <124741485+settletop-niles@users.noreply.github.com>
---
 _data/tools.yml | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/_data/tools.yml b/_data/tools.yml
index 9524260..522c4a1 100644
--- a/_data/tools.yml
+++ b/_data/tools.yml
@@ -1868,3 +1868,11 @@
 - opensource
 - analysis
 - distribution
+- name: SBOM Vendor Management
+ publisher: SettleTop, Inc.
+ description: Manage, assess, store and monitor all your vendor’s SBOMs in one secure, centralized dashboard to improve supply chain security.
+ websiteUrl: https://www.settletop.com/sbom
+ categories:
+ - proprietary
+ - analysis
+ - transform
From 8ee72d88c8ade95d1abc129714fb1fb8c2e5c4bd Mon Sep 17 00:00:00 2001
From: Jan Biasi
Date: Fri, 3 May 2024 07:54:53 +0200
Subject: [PATCH 5/8] add rollup-plugin-sbom to the tools list for frontend projects
Signed-off-by: Jan Biasi
---
 _data/tools.yml | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/_data/tools.yml b/_data/tools.yml
index 9524260..af5cef0 100644
--- a/_data/tools.yml
+++ b/_data/tools.yml
@@ -1868,3 +1868,12 @@
 - opensource
 - analysis
 - distribution
+- name: Rollup Plugin SBOM
+ publisher: Jan Biasi
+ description: Creates CycloneDX SBOMs for frontend Javascript applications that have
+ been bundled with rollup or vite.
+ repoUrl: https://github.com/janbiasi/rollup-plugin-sbom
+ websiteUrl: https://github.com/janbiasi/rollup-plugin-sbom
+ categories:
+ - opensource
+ - build-integration
From f07f898e076869b7f988b265525abd094c8c6d37 Mon Sep 17 00:00:00 2001
From: jonli-sec <167577434+jonli-sec@users.noreply.github.com>
Date: Fri, 3 May 2024 14:12:39 -0400
Subject: [PATCH 6/8] Add Product Security Hub to the tools list
Add Product Security Hub to the tools list
Signed-off-by: jonli-sec <167577434+jonli-sec@users.noreply.github.com>
---
 _data/tools.yml | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/_data/tools.yml b/_data/tools.yml
index 9524260..40adefe 100644
--- a/_data/tools.yml
+++ b/_data/tools.yml
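Review bot: The `description` in the rollup-plugin-sbom hunk is a plain scalar that continues onto a second line (`... that have` / `been bundled with rollup or vite.`); YAML folds the two lines into one string, but the break reads as accidental and every other entry in these hunks keeps its description on a single line. Make the folding explicit with `description: >-` and both text lines indented beneath it, so the intent survives a reformat and a reader does not mistake the continuation for a new key. `Javascript` in the same value is conventionally spelled `JavaScript`.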
@@ -1868,3 +1868,12 @@
 - opensource
 - analysis
 - distribution
+- name: Product Security Hub (PSH)
+ publisher: Product Security Hub, LLC
+ description: Product Security Hub (PSH) is a cloud-based tool that provides capabilities to import, export, view, create, edit, and transform CycloneDX SBOMs and human-readable SBOMs, as well as view, add, and edit vulnerabilities as VEX data within CycloneDX SBOMs.
+ websiteUrl: https://www.ProductSecurityHub.com/
+ categories:
+ - proprietary
+ - analysis
+ - transform
+ - author
From 8a6ffeab994ae8daf33f6cae341c75a7e04a01bb Mon Sep 17 00:00:00 2001
From: Jan Kowalleck
Date: Fri, 3 May 2024 21:52:12 +0200
Subject: [PATCH 7/8] Create CODEOWNERS
Signed-off-by: Jan Kowalleck
---
 CODEOWNERS | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 CODEOWNERS
diff --git a/CODEOWNERS b/CODEOWNERS
new file mode 100644
index 0000000..00f26f9
--- /dev/null
+++ b/CODEOWNERS
@@ -0,0 +1,5 @@
+# see https://docs.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners
+
+# all Core Team members are default-reviewers of new pull requests.
+# see https://github.com/orgs/CycloneDX/teams/core-team
+* @CycloneDX/core-team
From 904a08d3a7a44a4b0646041fbf0dc5f653dec998 Mon Sep 17 00:00:00 2001
From: Jan Kowalleck
Date: Fri, 3 May 2024 22:18:25 +0200
Subject: [PATCH 8/8] GH workflow label tool-center
Signed-off-by: Jan Kowalleck
---
 .github/workflows/pr_label_toolcenter.yml | 26 +++++++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100644 .github/workflows/pr_label_toolcenter.yml
diff --git a/.github/workflows/pr_label_toolcenter.yml b/.github/workflows/pr_label_toolcenter.yml
new file mode 100644
index 0000000..20579c7
--- /dev/null
+++ b/.github/workflows/pr_label_toolcenter.yml
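Review bot: The comment `# all Core Team members are default-reviewers of new pull requests.` in the CODEOWNERS hunk claims more than the file provides on its own: without the "Require review from Code Owners" rule in the branch protection for `master`, a `* @CycloneDX/core-team` line only auto-requests a review from that team and does not gate merging. Either enable that rule together with this file or qualify the comment, e.g. `# review by a code owner is only enforced when the 'Require review from Code Owners' branch rule is on`. GitHub also only honours a team as code owner when the team has explicit write access to the repository, which is worth checking for `@CycloneDX/core-team` before relying on the file.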
@@ -0,0 +1,26 @@
+# see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions
+name: PR Label ToolCenter
+on:
+ pull_request:
+ # see https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request
+types:
+ - opened
+ branches:
+ - 'master'
+ paths:
+ - '_data/tools.yml'
+permissions:
+ # see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
+ pull-requests: write
+jobs:
+ label_issues:
+ runs-on: ubuntu-latest
+ steps:
+ - name: label the PR
+ # see https://docs.github.com/en/actions/managing-issues-and-pull-requests/adding-labels-to-issues#creating-the-workflow
+ run: gh issue edit "$NUMBER" --add-label "$LABELS"
+ env:
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ GH_REPO: ${{ github.repository }}
+ NUMBER: ${{ github.event.pull_request.number }}
+ LABELS: 'tool-center'
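Review bot: The `pull_request` trigger makes this job fail for pull requests opened from forks, which is presumably where most `_data/tools.yml` submissions come from: on a fork PR the `GITHUB_TOKEN` is capped at read access regardless of the `pull-requests: write` grant, so `gh issue edit "$NUMBER" --add-label "$LABELS"` is rejected. Because the job never checks out or executes the PR's code and its only inputs are `github.event.pull_request.number` and a literal label, changing the trigger to `pull_request_target:` is the usual fix and remains safe only while that stays true, so add a comment above `run:` such as `# runs with a write token: never add a checkout of the PR head to this job`. Passing the number and label through `env:` instead of interpolating `${{ }}` into the shell line is the right pattern and should be kept. With `types: - opened` alone, a PR that adds `_data/tools.yml` in a later push is never labelled; include `synchronize` if that case matters.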