We currently support two dependency ecosystems in the kit: Maven and NPM. These cover all the application dependencies, but not the environment the application runs in, e.g. Docker images. To add support for other ecosystems besides Maven and NPM, we need:
- have those packages in the SBOM (preferably with CycloneDX plugins, e.g. docker/sbom-cli-plugin);
- handle ecosystem dynamically when building requests and parsing responses to/from the OSV API;
- update the UI accordingly to be able to show/filter the new ecosystems.
We currently support two dependency ecosystems in the kit: Maven and NPM. These cover all the application dependencies, but not the environment the application runs in, e.g. Docker images. To add support for other ecosystems besides Maven and NPM, we need: