
SBOM quality reporting #896

Open
JimFuller-RedHat opened this issue Oct 7, 2024 · 1 comment
Labels: enhancement (New feature or request)

Comments
@JimFuller-RedHat (Collaborator)

Valid SBOMs can have a range of issues: missing pURLs, missing or invalid licenses, or just 'garbage' data. Ingesting such SBOMs can often lead to surprising results, which we should at least be able to report on.

Existing reporting should be improved to be able to 'score' an SBOM's quality and make it explicit, so end users can assess risk properly.

Towards this goal: developing a small, focused utility that we can consider adding as a dep to trustify.
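A sketch of the kind of scoring such a utility could do, added here as an illustration and not code from trustify or from the issue author: it walks a constructed CycloneDX-style SBOM, records per-component findings for the defect kinds named above (missing or malformed pURL, missing or unknown license, empty names), and reports the share of clean components. The SPDX identifier set and the sample SBOM are assumptions built for the demo.

```python
import json
from collections import Counter

# Constructed subset of SPDX identifiers; a real utility would load the full list.
KNOWN_SPDX_IDS = {"Apache-2.0", "MIT", "BSD-3-Clause", "GPL-2.0-only", "MPL-2.0"}

# Constructed CycloneDX-style SBOM: one clean component plus the defect kinds
# the issue names (missing pURL, invalid license, garbage data).
SAMPLE_SBOM = json.dumps({"bomFormat": "CycloneDX", "specVersion": "1.5", "components": [
    {"name": "serde", "purl": "pkg:cargo/serde@1.0.210", "licenses": [{"license": {"id": "MIT"}}]},
    {"name": "mystery-lib", "licenses": [{"license": {"name": "Proprietary"}}]},
    {"name": "left-pad", "purl": "pkg:npm/left-pad@1.3.0", "licenses": [{"license": {"id": "NOT-A-LICENSE"}}]},
    {"name": "", "purl": "garbage"},
]})


def component_findings(component):
    """Return the quality findings for one CycloneDX component."""
    findings = []
    if not component.get("name", "").strip():
        findings.append("empty-name")
    purl = component.get("purl")
    if not purl:
        findings.append("missing-purl")
    elif not purl.startswith("pkg:") or "/" not in purl:
        findings.append("invalid-purl")  # cheap shape check, not a full purl parse
    licenses = component.get("licenses") or []
    if not licenses:
        findings.append("missing-license")
    for entry in licenses:
        lic = entry.get("license")
        if lic is None:  # {"expression": ...} entries are not validated here
            continue
        lic_id = lic.get("id")
        if lic_id is not None and lic_id not in KNOWN_SPDX_IDS:
            findings.append(f"invalid-license:{lic_id}")
        elif lic_id is None and not lic.get("name"):
            findings.append("invalid-license:empty")
    return findings


def score_sbom(sbom_json):
    """Score = percentage of components with no findings; also count findings by kind."""
    components = json.loads(sbom_json).get("components", [])
    per_component = [(c.get("name") or "<unnamed>", component_findings(c)) for c in components]
    counts = Counter(f.split(":")[0] for _, fs in per_component for f in fs)
    clean = sum(1 for _, fs in per_component if not fs)
    score = round(100.0 * clean / len(per_component), 1) if per_component else 0.0
    return {"score": score, "components": per_component, "counts": dict(counts)}
```

Running `score_sbom(SAMPLE_SBOM)` gives a score of 25.0 (one clean component of four) with the per-component findings alongside, which is the explicit signal the issue asks for before the data is ingested.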

@JimFuller-RedHat JimFuller-RedHat self-assigned this Oct 7, 2024
@JimFuller-RedHat (Collaborator, Author)

related to #701

@JimFuller-RedHat JimFuller-RedHat changed the title sbom quality reporting SBOM quality reporting Oct 7, 2024
@JimFuller-RedHat JimFuller-RedHat added the enhancement New feature or request label Oct 17, 2024