You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
What would you like to be added:
With the onset of CycloneDX/cyclonedx-go#90 the current library we use for generating cyclone-dx SBOM now minimally supports 1.5. Syft should still generate 1.4 as the default stable version, but should give the option for users to generate 1.5 with syft -o cyclone-dx@1.5 node:latest - Syft should also take this opportunity to allow users to generate versions back to v1.0 given that https://github.com/CycloneDX/cyclonedx-go/blob/83031d6697bd6d8b20bce2a0326347a0ea7691c7/encode.go#L31-L34 can now accept a version supplied by the user.
Why is this needed:
Keeping syft up to date with latest SBOM specification standards
Additional context:
N/A
The text was updated successfully, but these errors were encountered:
What would you like to be added:
With the onset of CycloneDX/cyclonedx-go#90 the current library we use for generating cyclone-dx SBOM now minimally supports 1.5. Syft should still generate 1.4 as the default stable version, but should give the option for users to generate 1.5 with
syft -o cyclone-dx@1.5 node:latest
- Syft should also take this opportunity to allow users to generate versions back tov1.0
given that https://github.com/CycloneDX/cyclonedx-go/blob/83031d6697bd6d8b20bce2a0326347a0ea7691c7/encode.go#L31-L34 can now accept a version supplied by the user.Why is this needed:
Keeping syft up to date with latest SBOM specification standards
Additional context:
N/A
The text was updated successfully, but these errors were encountered: