Skip to content

Add NTIA minimum SBOM elements #8

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Nov 29, 2021
Merged

Add NTIA minimum SBOM elements #8

merged 1 commit into from
Nov 29, 2021

Conversation

@j-hartley
Copy link

@j-hartley j-hartley commented Nov 27, 2021

Problem:

The BOM generated by syft does not contain all the recommended minimum
data for SBOM best practice, see:
https://www.ntia.doc.gov/report/2021/minimum-elements-software-bill-materials-sbom

Solution:

Patch the missing elements into the SBOM prior to uploading.
Validate the SBOM against the cyclone DX 1.2 XML schema to make sure it
is correctly constructed.

eccles
eccles suggested changes Nov 29, 2021
View reviewed changes
@j-hartley j-hartley force-pushed the dev/j-hartly/add-ntia-minimum-elements branch from 2332d54 to 18954cf Compare November 29, 2021 09:41
@jshartley
Add NTIA minimum SBOM elements
94f3618 
Problem:

The BOM generated by syft does not contain all the recommended minimum
data for SBOM best practice, see:
https://www.ntia.doc.gov/report/2021/minimum-elements-software-bill-materials-sbom

Solution:

Patch the missing elements into the SBOM prior to uploading.
Validate the SBOM against the cyclone DX 1.2 XML schema to make sure it
is correctly constructed.

Signed-off-by: John Hartley
@j-hartley j-hartley force-pushed the dev/j-hartly/add-ntia-minimum-elements branch from 18954cf to 94f3618 Compare November 29, 2021 09:43
@j-hartley j-hartley merged commit 6dd4a86 into main Nov 29, 2021
@j-hartley j-hartley deleted the dev/j-hartly/add-ntia-minimum-elements branch November 29, 2021 09:54
@j-hartley j-hartley restored the dev/j-hartly/add-ntia-minimum-elements branch November 29, 2021 10:47
@j-hartley j-hartley deleted the dev/j-hartly/add-ntia-minimum-elements branch November 29, 2021 14:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@JAG-UK JAG-UK Awaiting requested review from JAG-UK

@leflambeur leflambeur Awaiting requested review from leflambeur

1 more reviewer

@eccles eccles eccles approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@j-hartley @eccles @jshartley