While the answer to the first question is clear (the URL should point to the direct location of the SBOM and not a generic download page), we need to discuss:
a) whether we follow the suggested format for links into archives and
b) how to provide that guidance (e.g. FAQ question, special guidance, only in a next version of the standard, etc.)
For a) we need to consider whether and how other formats are handling these things.
https://github.com/juice-shop/juice-shop/releases/download/v16.0.0/juice-shop-16.0.0_node18_linux_x64.tgz#/juice-shop/sbom.json is something I came up with. Better might be to let the SBOM URL point to the archive, e.g. https://github.com/juice-shop/juice-shop/releases/download/v16.0.0/juice-shop-16.0.0_node18_linux_x64.tgz and an extra optional attribute, e.g. pathInArchive=/juice-shop/sbom.json .
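How a consumer could resolve either form from the comment above (fragment in the URL, or archive URL plus `pathInArchive`), as an added example that is not part of the thread or of any standard's text. The function names are hypothetical and the archive is a constructed in-memory sample; the path checks reflect the assumption that a path taken from a URL or attribute is untrusted input.

```python
import io
import json
import tarfile
from urllib.parse import urldefrag, unquote


def split_sbom_ref(url, path_in_archive=None):
    """Return (archive_url, member_path) for either form discussed above.

    Form 1: archive URL with the member path carried in the fragment.
    Form 2: plain archive URL plus a separate pathInArchive value.
    """
    archive_url, fragment = urldefrag(url)
    member = path_in_archive if path_in_archive is not None else unquote(fragment)
    if not member:
        raise ValueError("no path into the archive given")
    # Reject empty, '.' and '..' segments so the path cannot leave the archive root.
    parts = member.lstrip("/").split("/")
    if any(p in ("", ".", "..") for p in parts):
        raise ValueError(f"unsafe member path: {member!r}")
    return archive_url, "/".join(parts)


def read_sbom(archive_bytes, member):
    """Read one regular file from a .tgz held in memory, never extracting to disk."""
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:gz") as tar:
        info = tar.getmember(member)  # KeyError if the member is absent
        if not info.isfile():         # refuse symlinks, hardlinks, devices
            raise ValueError(f"{member!r} is not a regular file")
        return json.load(tar.extractfile(info))


def build_sample_tgz():
    """Constructed sample archive standing in for a release tarball."""
    body = json.dumps({"components": []}).encode()
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        info = tarfile.TarInfo("juice-shop/sbom.json")
        info.size = len(body)
        tar.addfile(info, io.BytesIO(body))
        link = tarfile.TarInfo("juice-shop/link.json")  # constructed symlink entry
        link.type = tarfile.SYMTYPE
        link.linkname = "../outside.json"
        tar.addfile(link)
    return buf.getvalue()
```

Both forms resolve to the same pair, so the choice between them is about how the reference is written down, not about what the consumer has to validate.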
The TC received a comment via its mailing list: