Merge pull request #97 from Mariuxdeangelo/main

Merged together dependabot feedback and FOSSA

Author: Mariuxdeangelo

SBOM-Catalog/public/data.yaml

@@ -6904,3 +6904,74 @@
     SBOM data interpretation and supply chain transparency.'
   Types:
     - Analyze
+- Abilities:
+    - Consume
+    - Convert
+    - Edit
+    - Generate
+    - Validate
+  Languages:
+    - Clojure
+    - C
+    - "C++"
+    - Dart
+    - Dotnet
+    - Erlang
+    - Elixir
+    - Fortran
+    - Go
+    - Haskell
+    - Java
+    - Javascript
+    - Nim
+    - "Objective-C"
+    - Perl
+    - PHP
+    - Python
+    - R
+    - Ruby
+    - Rust
+    - Scala
+    - Swift
+    - Typescript
+  License: Proprietary
+  Link: https://fossa.com
+  Name: FOSSA
+  Publisher: FOSSA
+  Source: Human written
+  Standards:
+    - SPDX
+    - CycloneDX
+  Summary: 'FOSSA is a software composition analysis (SCA) tool with robust SBOM management capabilities.
+    It empowers you to generate detailed, precise reports of all code dependencies for any version of your software, regardless of depth.
+    Additionally, FOSSA allows you to import external SBOMs, consolidating third-party license and security risks into a single, unified view.
+    With the flexibility to export SBOMs in multiple formats such as CycloneDX and SPDX, you can either download and distribute them yourself
+    or let FOSSA host them on your behalf. Moreover, its auto-update feature ensures that all SBOMs remain current, centralizing the management
+    of both internal and third-party components for seamless compliance and risk control.
+
+
+    Key Features:
+
+    - Supports CycloneDX and SPDX
+
+    - Exceeds U.S. government minimum SBOM requirements
+
+    - Utilizes multiple analysis techniques to produce an audit-grade component inventory
+
+    - Integrates locally or with version control systems
+
+    - Offers a powerful FOSSA CLI with comprehensive support for many languages and package managers, licensed under CPAL-1.0
+
+    - Generates SBOMs for any prior version of your software
+
+    - Can be customized for a range of security, regulatory compliance, and license compliance use cases
+
+    - Does not require source code access
+
+
+    This comprehensive approach enables seamless compliance and risk management across your software ecosystem.'
+  Types:
+    - Analyze
+    - Build
+    - Deployment
+    - Source

SBOM-Catalog/public/descriptions/FOSSA.md

@@ -0,0 +1,5 @@
+[FOSSA](https://fossa.com) is a software composition analysis tool with a mature SBOM management product offering. The SBOM management tool enables users to produce and ingest SBOMs in either SPDX or CycloneDX, monitor SBOMs for vulnerabilities and license compliance issues, and securely share SBOMs with customers. FOSSA also offers extensive remediation support to help organizations prioritize vulnerabilities they may uncover associated with the components in their SBOM.
+
+For more information about SBOM Management in FOSSA, please watch FOSSA's YouTube playlist [here](https://www.youtube.com/watch?v=H3UqVumgUFQ&list=PLDgTaRwpXLSeERefRakUujZveG47U3uCr).
+Also, explore FOSSA's SBOM documentation [here](https://docs.fossa.com/docs/using-fossa-sbom-management).
+For more details about the FOSSA CLI, you can explore the GitHub repository [here](https://github.com/fossas/fossa-cli).

SBOM-Catalog/public/filters.yaml

@@ -1,6 +1,6 @@
 ---
 - name: Standards
-  enabled: true
+  enabled: false
   description: Filter to distinguish between SBOM standards like SPDX and CycloneDx
 
 - name: License

SBOM-Catalog/public/logos/FOSSA.png

@@ -7,7 +7,7 @@ data_item:
   Link: str()
   Publisher: str()
   Summary: str()
-  License: enum('GPL-3.0', 'MIT', 'BSD-3-Clause', 'Apache-2.0', 'LGPL-3.0', 'UPL-1.0', 'MPL-2.0', 'No License', 'GPL-2.0', 'BSD-2-Clause', 'UPL-1.0', 'EPL-2.0', 'GNU')
+  License: enum('GPL-3.0', 'MIT', 'BSD-3-Clause', 'Apache-2.0', 'LGPL-3.0', 'UPL-1.0', 'MPL-2.0', 'No License', 'GPL-2.0', 'BSD-2-Clause', 'UPL-1.0', 'EPL-2.0', 'GNU', 'Proprietary')
   Standards: list(enum('CycloneDX', 'SPDX', 'SWID'))
   Source: enum('AI-Generated', 'AI & human reviewed', 'Human written')
   Abilities: list(enum('Compare', 'Consume', 'Convert', 'Edit', 'Generate', 'Merge', 'Validate', 'Sign'))

SBOM-Catalog/schemas/data.yaml

@@ -42,9 +42,9 @@ const createGitHubIssue = () => {
   <div v-if="store.selectedObject">
     <div v-if="store.selectedObject" class="flex justify-content-between align-items-center m-2">
       <PButton
-          icon="pi pi-github"
+          icon="pi pi-github" outlined
           label="Suggest Fix"
-          class="p-button-sm p-button-text p-button-rounded"
+          class="p-button-sm p-button-rounded"
           @click="createGitHubIssue"
           severity="secondary"
       />