-
Type:
Task
-
Resolution: Fixed
-
Priority:
Major - P3
-
Affects Version/s: None
-
Component/s: None
-
Server Security
-
Fully Compatible
-
Security 2024-05-13, Security 2024-05-27
- Translate BlackDuck BOM into CycloneDX (AKA SBOM Lite) stored in the repository as a one-time backfill.
- Set CycloneDX version to 1.5
- Pretty format the JSON representation
- Strip out BlackDuck properties arrays from all components
- Strip out "metadata.tools"
- Strip out "vulnerabilities"
- Ensure all PURLs are directed to Github
- Copy each component's team and scope from Server's attestations (item #2 above)
- After a successful transplant, the linter must be able to validate that all directories under src/third_party are covered by the CycloneDX SBOM.
- depends on
-
-
- Closed
-
-
-
- Closed
-
- is depended on by
-
-
- Closed
-