Labels: documentation, good first issue, help wanted
Description
The cdxgen tool is opinionated and takes a position under certain situations when generating the SBoM. The broader vision I had in mind when this was merely a hobby project was:
- No nuts or gluten must be left behind - cdxgen would report everything it finds, including dev and test dependencies, but would attempt to categorize them as optional dependencies (although using the scope attribute to represent optionality is a regret that needs fixing at some point!)
- Any SBoM is better than no SBoM - Often, security people might attempt to scan and generate an SBoM for projects without the development tools like Java/Maven/Node.js installed. cdxgen would still work under these environments (by using fallback logic) but offer helpful messages to improve the SBoM accuracy.
With growing popularity, it is time to start documenting the tool's logic, assumptions, and positions to help consumers and integrators. What would be nice is to add rich comments inline and find a way to export the documentation in markdown format to the repo.
Please recommend any suitable tools and techniques available for node.js projects.