-
I am thinking through this. Ideally, the tool that signs is attesting the contents, so Dependency Track must be the one doing this. If not, an independent tool like dep-scan could do this by working as a client for Dependency Track.
-
Hi @prabhu,
Is there any possibility of signing the SBOM with VEX that is already generated via the Dependency Track?
Currently, we are able to sign the SBOM at the time of generation.
Thanks
Sahil