You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If you're using cdxgen as a library, can you ensure you set the pedigree.ancestors information under metadata.tools.components? You can essentially copy the value from metadata.tools.components[0].
This will help propagate the validation rules and trusts as we build new, powerful tools to verify xBOMs (Say for public agencies). Tools that lack ancestry would be considered newish and unverified by default, which might not be desirable.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
-
If you're using cdxgen as a library, can you ensure you set the pedigree.ancestors information under
metadata.tools.components? You can essentially copy the value from metadata.tools.components[0].https://cyclonedx.org/docs/1.6/json/#metadata_tools_oneOf_i0_components_items_pedigree_ancestors
This will help propagate the validation rules and trusts as we build new, powerful tools to verify xBOMs (Say for public agencies). Tools that lack ancestry would be considered newish and unverified by default, which might not be desirable.
Beta Was this translation helpful? Give feedback.
All reactions