Currently, SBOM "components" are detected based on a package.json file.
That's cool for most situations.
But what if there is just no package.json? Or it is untrusted for reasons?
Let's add file-based (sub-)components that have a proper hash on them.
-> The feature is disabled by default and can be enabled by a new config option. Name to be defined.
Expected outcome:
- Components that represent "packages" have sub-components, one for each file that is used.
  - Each of the file-based sub-components has a computed set of hashes on it.
  - Each of the file-based sub-components' names is the relative path of the file, relative to the root component.
- If no package.json can be found (other than the project's own one), then each file used by webpack should result in an SBOM component of type "file".
  - Each of the file-based components has a computed set of hashes on it.
  - Each of the file-based components' names is the relative path of the file, relative to the root component.
May need an extra property taxonomy cdx:webpack according to https://github.com/CycloneDX/cyclonedx-property-taxonomy