CycloneDX/cdxgen issues and pull requests

#1462 - update atom to get cpg 1.0.1 and the latest protobuf

Pull Request - State: closed - Opened by prabhu about 12 hours ago
Labels: security

#1461 - [atom] sbom for the npm package

Issue - State: open - Opened by prabhu about 13 hours ago

#1460 - asvs 5.0 - WIP

Pull Request - State: open - Opened by prabhu about 15 hours ago
Labels: asvs, standard

#1459 - dotnet 9 deep improvements

Pull Request - State: closed - Opened by prabhu about 23 hours ago - 2 comments
Labels: enhancement, Consider Funding, lang:dotnet

#1458 - Package updates

Pull Request - State: closed - Opened by prabhu 1 day ago

#1457 - Minimum confidence filter

Pull Request - State: closed - Opened by prabhu 3 days ago
Labels: enhancement

#1456 - [BUG] cdxgen -o bom.json returns error with node 18.20.5

Issue - State: closed - Opened by vinkobedek 3 days ago - 1 comment

#1455 - Annotation improvements - part 5

Pull Request - State: closed - Opened by prabhu 4 days ago - 4 comments
Labels: enhancement

#1454 - Trim the saasbom to help all models including Gemini

Pull Request - State: closed - Opened by prabhu 5 days ago - 1 comment

#1453 - CVE-2024-0057 in cyclonedx/cdxgen-deno:v10.11.0

Issue - State: closed - Opened by cmontemuino 5 days ago - 3 comments

#1452 - Annotations text for saasbom and cdxa

Pull Request - State: closed - Opened by prabhu 5 days ago

#1451 - Annotation improvements - part 2

Pull Request - State: closed - Opened by prabhu 6 days ago - 4 comments
Labels: enhancement

#1450 - Automatic annotations and tagging

Pull Request - State: closed - Opened by prabhu 7 days ago - 2 comments
Labels: enhancement, breaking, maven

#1444 - Enable CycloneDX 1.5 snapshots to be compared with 1.6.

Pull Request - State: closed - Opened by cerrussell 18 days ago

#1443 - Graciously fail for fastlane managed swift projects

Pull Request - State: closed - Opened by prabhu 18 days ago
Labels: lang:swift

#1442 - Adds occurrence evidence for swift

Pull Request - State: closed - Opened by prabhu 18 days ago - 1 comment
Labels: enhancement, Ready for QA, lang:swift, pro bono

#1441 - fix: executable path in windows

Pull Request - State: closed - Opened by aryan-rajoria 19 days ago - 2 comments

#1439 - Python executable path in Windows

Issue - State: closed - Opened by cerrussell 20 days ago - 1 comment
Labels: lang:python

#1438 - Run some GitHub action jobs only on main repository

Pull Request - State: closed - Opened by marob 22 days ago

#1437 - Other GitHub action are running on forks

Issue - State: closed - Opened by marob 22 days ago

#1436 - Run "Upload base images" action only on main repository

Pull Request - State: closed - Opened by marob 24 days ago

#1433 - SBOM generation should fail on unknown pom.xml dependency

Issue - State: open - Opened by metametadata 24 days ago - 3 comments
Labels: maven

#1432 - "Upload base images" GitHub action is running (and failing) on forks

Issue - State: closed - Opened by marob 25 days ago - 2 comments
Labels: infra

#1431 - Use bom-ref consistently in the dependency tree

Pull Request - State: closed - Opened by prabhu 25 days ago
Labels: maven, pro bono

#1429 - The bom-ref are encoded but not encoded in the dependencies ref.

Issue - State: closed - Opened by MohammedAziz02 27 days ago - 1 comment
Labels: bug, maven

#1428 - Adds support for specifying npm install args

Pull Request - State: closed - Opened by prabhu 27 days ago
Labels: enhancement, sponsored, lang:node

#1427 - Bump cjd version for bugfixes.

Pull Request - State: closed - Opened by cerrussell 29 days ago

#1426 - Do not duplicate dependsOn (#1425)

Pull Request - State: closed - Opened by marob about 1 month ago - 1 comment

#1425 - Generates BOM with duplicate dependencies.dependsOn

Issue - State: closed - Opened by marob about 1 month ago

#1424 - Do not duplicate parent dependencies in case of multiple composer.lock files (#1419)

Pull Request - State: closed - Opened by marob about 1 month ago

#1423 - Support for pubspec.yaml

Issue - State: closed - Opened by prabhushan about 1 month ago

#1420 - Missing the Author for the Node projects.

Issue - State: closed - Opened by durga-pasupuleti about 1 month ago

#1419 - Generates BOM with duplicate dependencies

Issue - State: closed - Opened by marob about 1 month ago - 2 comments

#1418 - [Gradle] Added the possibility to completely exclude modules from the scan (fix for issue #1413)

Pull Request - State: closed - Opened by malice00 about 1 month ago - 2 comments

#1417 - pnpm workspace tree

Pull Request - State: closed - Opened by prabhu about 1 month ago - 2 comments
Labels: sponsored, pnpm

#1415 - Address vulns

Issue - State: closed - Opened by metametadata about 1 month ago - 3 comments
Labels: security

#1414 - WIP: Feature/swift evidence

Pull Request - State: closed - Opened by prabhu about 1 month ago

#1413 - [Gradle] build-time code generated submodules not found after optimization

Issue - State: closed - Opened by maur1 about 1 month ago - 10 comments

#1412 - [jar] gracefully handle jars bundled with jdk

Issue - State: open - Opened by prabhu about 1 month ago - 1 comment

#1411 - Update packages with overrides

Pull Request - State: closed - Opened by prabhu about 1 month ago - 5 comments
Labels: Ready for QA, lang:container, lang:node

#1410 - [python] support for uv

Issue - State: open - Opened by prabhu about 1 month ago

#1409 - Improve root dependency list for Gemfile.lock

Pull Request - State: closed - Opened by prabhu about 1 month ago
Labels: sponsored, lang:ruby

#1407 - [deno] deno lock file support

Issue - State: open - Opened by prabhu about 1 month ago

#1406 - Refer to new custom images in the code

Pull Request - State: closed - Opened by prabhu about 2 months ago
Labels: mode:container

#1405 - Copy custom base images

Pull Request - State: closed - Opened by prabhu about 2 months ago
Labels: enhancement, mode:container

#1404 - Added parameter for new version of CJD

Pull Request - State: closed - Opened by malice00 about 2 months ago

#1404 - Added parameter for new version of CJD

Pull Request - State: closed - Opened by malice00 about 2 months ago

#1403 - Duplicate properties

Pull Request - State: closed - Opened by malice00 about 2 months ago - 3 comments

#1401 - [gradle] GradleProfileName properties have duplicate values

Issue - State: closed - Opened by prabhu about 2 months ago - 2 comments
Labels: gradle

#1401 - [gradle] GradleProfileName properties have duplicate values

Issue - State: closed - Opened by prabhu about 2 months ago - 2 comments
Labels: gradle

#1400 - [npm] support for git dependencies in the lock file

Issue - State: open - Opened by prabhu about 2 months ago

#1399 - feat: Ignore parent component for types with empty components

Pull Request - State: closed - Opened by prabhu about 2 months ago
Labels: sponsored, lang:java, maven

#1398 - [maven] Repeated wrapper tests

Issue - State: closed - Opened by prabhu about 2 months ago

#1396 - [qa] Test with godot samples

Issue - State: open - Opened by prabhu about 2 months ago

#1395 - How to generate bom via cdxgen image in Jenkins pipeline?

Issue - State: closed - Opened by shxiq01 about 2 months ago

#1394 - search only for Bazel workspace and module files

Pull Request - State: closed - Opened by maur1 about 2 months ago - 1 comment

#1393 - Carthage support

Issue - State: open - Opened by prabhu about 2 months ago

#1390 - Brings back windows sae builds

Pull Request - State: closed - Opened by prabhu about 2 months ago

#1389 - Upgrade testing to use custom-json-diff v2.

Pull Request - State: closed - Opened by cerrussell about 2 months ago - 1 comment

#1388 - [Gradle] Added an option to fully scan 'includedBuilds'

Pull Request - State: closed - Opened by malice00 about 2 months ago - 1 comment

#1387 - Update atom and other packages

Pull Request - State: closed - Opened by prabhu about 2 months ago

#1387 - Update atom and other packages

Pull Request - State: closed - Opened by prabhu about 2 months ago

#1386 - Poetry root list from pyproject.toml

Pull Request - State: closed - Opened by prabhu about 2 months ago - 2 comments
Labels: sponsored, lang:python

#1386 - Poetry root list from pyproject.toml

Pull Request - State: closed - Opened by prabhu about 2 months ago - 2 comments
Labels: sponsored, lang:python

#1385 - Confusing warning "Dependency tree is partial lacking child nodes."

Issue - State: open - Opened by metametadata about 2 months ago - 4 comments

#1384 - Typescript 5.6.x with the latest atom

Pull Request - State: closed - Opened by prabhu about 2 months ago
Labels: lang:node

#1384 - Typescript 5.6.x with the latest atom

Pull Request - State: closed - Opened by prabhu about 2 months ago
Labels: lang:node

#1383 - [Gradle] Scanning of all modules fixed

Pull Request - State: closed - Opened by malice00 about 2 months ago - 12 comments
Labels: Ready for QA, gradle

#1382 - refactor: project structure PR

Pull Request - State: closed - Opened by aryan-rajoria 2 months ago - 1 comment

#1380 - [Gradle] Added deep-scanning of gradle modules

Pull Request - State: closed - Opened by malice00 2 months ago - 14 comments
Labels: Ready for QA, breaking, gradle

#1379 - [Gradle] Fixed a problem with scoped NPM packages while resolving modules from NPM

Pull Request - State: closed - Opened by malice00 2 months ago - 4 comments
Labels: gradle

#1378 - Do not create empty component.components

Pull Request - State: closed - Opened by prabhu 2 months ago - 2 comments

#1377 - Feat: Include components from pnpm-lock.yaml importers

Pull Request - State: closed - Opened by aryan-rajoria 2 months ago - 3 comments

#1376 - [Gradle] Don't use full multi-threading, SBOMs can be completely wrong

Pull Request - State: closed - Opened by malice00 2 months ago - 2 comments

#1375 - Doc: bump version to 10.9.11

Pull Request - State: closed - Opened by aryan-rajoria 2 months ago

#1374 - Recover dependency tree from nuspec files

Pull Request - State: closed - Opened by prabhu 2 months ago - 2 comments
Labels: sponsored, lang:dotnet

#1373 - Fix: #1370 - restrict bazel projects to pattern `BUILD{,.bazel}`

Pull Request - State: closed - Opened by heubeck 2 months ago

#1371 - Handling sub-components of the root component the same as all other components

Pull Request - State: closed - Opened by malice00 2 months ago - 4 comments

#1370 - Bazel build being run for non-Bazel projects, causing errors

Issue - State: closed - Opened by MCDong 2 months ago - 3 comments

#1369 - bump version to 10.9.10

Pull Request - State: closed - Opened by aryan-rajoria 2 months ago

#1368 - [Gradle] Resolve gradle module from npm package

Pull Request - State: closed - Opened by malice00 2 months ago - 5 comments
Labels: Ready for QA, gradle

#1367 - use package import method in tests

Pull Request - State: closed - Opened by prabhu 2 months ago

#1366 - Fix gitClone error logging and improve code quality

Pull Request - State: closed - Opened by amuravski 2 months ago - 4 comments

#1365 - [Gradle] Correctly identify all modules' group and version

Pull Request - State: closed - Opened by malice00 2 months ago - 2 comments
Labels: Ready for QA, gradle

#1364 - [pixi] dependency tree support for python pixi

Issue - State: open - Opened by prabhu 2 months ago

#1363 - Lint fixes

Pull Request - State: closed - Opened by prabhu 2 months ago - 1 comment

#1362 - Fix: `nvm tests` in `envcontext.test.js`

Pull Request - State: closed - Opened by aryan-rajoria 2 months ago - 5 comments

#1361 - test: ensure all *.test.js files are being run

Pull Request - State: closed - Opened by setchy 2 months ago - 4 comments
Labels: test

#1360 - refactor: project structure

Pull Request - State: closed - Opened by setchy 2 months ago - 5 comments

#1358 - [publish] Generate .map and .ts.map before publish

Issue - State: open - Opened by prabhu 2 months ago

#1357 - Feat: Add support for different Node versions (NVM support)

Pull Request - State: closed - Opened by aryan-rajoria 2 months ago - 4 comments
Labels: sponsored, lang:node

#1356 - Improve partial dependency tree detection

Pull Request - State: closed - Opened by prabhu 2 months ago
Labels: sponsored, lang:python

#1355 - [container] Error while generating SBOM for cdxgen image

Issue - State: closed - Opened by prabhu 2 months ago - 1 comment
Labels: help wanted, lang:container

#1354 - feat: gomod direct detection

Pull Request - State: closed - Opened by prabhu 2 months ago - 1 comment
Labels: sponsored, possibly breaking, lang:go

#1353 - Only a single instance of a dependency component reported in the SBOM when there are multiple instances

Issue - State: open - Opened by prabhu 3 months ago
Labels: needs contributor, lang:node

#1352 - Tune down a log

Pull Request - State: closed - Opened by prabhu 3 months ago
Labels: lang:java

#1351 - Use java8 type in snapshot tests

Pull Request - State: closed - Opened by prabhu 3 months ago - 1 comment

#1350 - Update packages. Tuned down a warning

Pull Request - State: closed - Opened by prabhu 3 months ago
Labels: Ready for QA, lang:node

#1349 - Force go mod graph even when go list errors out

Pull Request - State: closed - Opened by prabhu 3 months ago
Labels: sponsored, lang:go

#1348 - Fix: update glibc with more library headers

Pull Request - State: closed - Opened by aryan-rajoria 3 months ago

GitHub / CycloneDX/cdxgen issues and pull requests