cyclonedx / cyclonedx.org
Public website cyclonedx.org
Home Page: https://cyclonedx.org/
The Use Cases page has a menu that displays on the right side of the page and which lists the use cases, i.e., a list that is long, a list that will grow!
However, the functionality of the menu is impaired because it does not scroll properly (tested using both latest Firefox and latest Chrome).
If I want to see what is listed after "Service Definition" (currently, seven use cases) then I either have to scroll right down to the bottom of the page, or press "Page Down" 70 times. One can also Zoom Out to shrink font size and display the entire list without scrolling. But all of these are a pain.
Can navigation be improved?
follow-up of CycloneDX/specification#379
with the release of CycloneDX v1.6 we need to update use-cases and examples.
this ticket shall be a tracker for the needed work:
- component.authors (old: component.author) according to CycloneDX/specification#379
- component.manufacturer according to CycloneDX/specification#379
- metadata.manufacturer according to CycloneDX/specification#379
- metadata.manufactur (deprecated) -> metadata.component.manufacturer according to CycloneDX/specification#379

The use-cases have short introductions to features and capabilities.
The guides give deeper insights.
The "use-cases" documents are often used as a quick start, that make people want to learn the details.
The "capabilities" documents are often used as a quick start, that make people want to learn the details.
To help people transition from entry levels to mature levels, the guide should be linked in the use-cases.
For example https://cyclonedx.org/use-cases/#properties--name-value-store
could link to https://cyclonedx.org/guides/sbom/extensibility/#cyclonedx-properties and others.
The Tool Center shows that there are 164 tools as of 30th November 2022.
This gives no indication of the rate of growth. I examined the history of tools.yml (and tools.json before that) and extracted data that I believe would make for an interesting graph. Hence this issue: an enhancement suggestion.
November 2022 164
October 2022 155
Sept 2022 152
August 2022 146
July 2022 135
June 2022 131
May 2022 129
April 2022 124
March 2022 119
February 2022 107
January 2022 100
December 2021 90
November 2021 86
October 2021 84
September 2021 81
August 2021 67
July 2021 67
June 2021 67
May 2021 63
April 2021 51
March 2021 51
February 2021 48
January 2021 48
December 2021 48
November 2021 47
October 2021 47
September 46
August 2021 44
July 2021 42
have an automatism that sets the label "tool-center" on issues if they modify the tool-center driving files.
have a github workflow that
_data/tools.yml
Hello
I have created a new tool to visualise cyclonedx sboms in neo4j - https://github.com/javixeneize/neo4cyclone
I think this would be useful to be added under tools. What is the process to do that?
Thanks
my browser is reflecting my window manager being set to dark-mode.
therefore the default layout of a page is set to a darker background-color and a lighter foreground-color.
the web page's css sets the .body { color: #333; }
but does not set a background color.
so my browser uses my (dark) default background color. which results in a dark on dark result. as shown in the screenshot.
a fix would be: set a proper background color in the body css or where it needs to apply.
When one embeds a link to the CycloneDX website in twitter, Slack, MS Teams (etc) then the link preview states:
OWASP CycloneDX is a lightweight software bill of materials (SBOM) standard designed for use in application security contexts and supply chain component analysis
I believe that this should be updated. CycloneDX is more than just SBOM... and the text sort of sells CycloneDX short. There has been more than one occasion when I have sent a link and then had to follow-up with extra info to explain. Also, if space allows, mention NTIA or similar?
Also, the use of the word lightweight has definitely been used against CycloneDX by those who would say "Use X rather than CycloneDX because CycloneDX is lightweight".
after CDX 1.6 was released, the following things need updates:
Tools page points to the incorrect buildroot github repo. It should point to https://github.com/CycloneDX/cyclonedx-buildroot
Hello,
On the CycloneDX tool center, the tool "cve_bin_tool" is listed as CycloneDX compliant but isn't.
See intel/cve-bin-tool#1368
Have a nice day
currently the JSON schema spec 1.2 has a $id of https://cyclonedx.org/schema/bom-1.2a.schema.json
see: https://github.com/CycloneDX/specification/blob/master/schema/bom-1.2.schema.json
the id is URL-like.
expected behaviour: requesting the URL does respond with the JSON schema document.
unfortunately this URL "https://cyclonedx.org/schema/bom-1.2a.schema.json" does not deliver the JSON schema.
the URL "https://cyclonedx.org/schema/bom-1.2.schema.json" does hold the JSON schema document.
Proposal: have both URLs deliver the current 1.2 JSON schema
We should provide guidance and an example of describing components down to the file level.
In some cases it is possible to determine a file version, i.e. DLLs. But for a lot of file types this isn't possible. And I suggest a hash is used as the version on those files.
I noticed that the vulnerability extension link is no longer working. It looks like the section headers are being rendered over the links and preventing click events from getting through to the links. It also affects the Reliza Hub link and the bottom half of the MedScan link.
I still haven't managed to get this running locally or I would look into it. I'll send a screenshot of the header element highlighted via slack.
current use-cases of https://cyclonedx.org/use-cases/ are like this:
{
"bomFormat": "CycloneDX",
"specVersion": "1.3",
"serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
"version": 1,
"components": [
{
"type": "library",
"name": "acme-library",
"version": "1.0.0"
}
]
}
PROPOSAL: add the used json schema as $schema
to all existing JSON examples,
so that more people produce correct CDX documents with the support of their IDE.
the used value for the property $schema must be the $id of the used schema. see https://github.com/CycloneDX/specification/blob/master/schema
spec | schema-id |
---|---|
1.2 | http://cyclonedx.org/schema/bom-1.2a.schema.json |
1.3 | http://cyclonedx.org/schema/bom-1.3.schema.json |
Benefit: IDE/tools know the applied JSON schema and can act accordingly in their respective domain.
Example:
{
"$schema": "http://cyclonedx.org/schema/bom-1.3.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.3",
"serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
"version": 1,
"components": [
{
"type": "library",
"name": "acme-library",
"version": "1.0.0"
}
]
}
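Added example (not code from cyclonedx.org or the CycloneDX project) that ties together two of the requests above: describing components down to the file level with a hash standing in as the version where no real version exists, and stamping each JSON document with the "$schema" that matches its specVersion. It assumes the spec-to-$id mapping in the table above; the sample files it hashes are constructed in a temporary directory, and check_bom is a lightweight consistency check, not a JSON-schema validator.

```python
"""Added example for this page (not code from cyclonedx.org or the CycloneDX
project): describe components down to the file level, using the SHA-256
digest as the version where no real version exists, and stamp the document
with the "$schema" that matches its specVersion so IDEs can validate it.

Assumptions: the spec-to-schema mapping is the one given in the issue text;
the sample files are constructed in a temporary directory for the demo.
"""
import hashlib
import json
import os
import re
import tempfile
import uuid

# "$schema" must equal the $id of the schema; these are the two entries from the issue's table.
SCHEMA_IDS = {
    "1.2": "http://cyclonedx.org/schema/bom-1.2a.schema.json",
    "1.3": "http://cyclonedx.org/schema/bom-1.3.schema.json",
}
SERIAL_RE = re.compile(r"urn:uuid:[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.IGNORECASE)


def sha256_of_file(path, chunk_size=1 << 16):
    """Stream the file through SHA-256 so large binaries are not read whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def file_component(path, known_version=None):
    """A file-level component; falls back to the SHA-256 hex digest as the version."""
    digest = sha256_of_file(path)
    return {
        "type": "file",
        "name": os.path.basename(path),
        "version": known_version if known_version else digest,
        "hashes": [{"alg": "SHA-256", "content": digest}],
    }


def build_bom(paths, spec_version="1.3", known_versions=None):
    """Assemble a minimal CycloneDX JSON document with "$schema" set for the spec."""
    if spec_version not in SCHEMA_IDS:
        raise ValueError(f"no schema $id known for specVersion {spec_version}")
    known_versions = known_versions or {}
    return {
        "$schema": SCHEMA_IDS[spec_version],
        "bomFormat": "CycloneDX",
        "specVersion": spec_version,
        "serialNumber": f"urn:uuid:{uuid.uuid4()}",
        "version": 1,
        "components": [
            file_component(p, known_versions.get(os.path.basename(p))) for p in paths
        ],
    }


def check_bom(bom):
    """Consistency checks; returns a list of problems (empty list = OK).

    Not JSON-schema validation: it catches a "$schema" that does not match
    specVersion, a malformed serialNumber, and file components with no hash.
    """
    problems = []
    if bom.get("bomFormat") != "CycloneDX":
        problems.append("bomFormat must be 'CycloneDX'")
    expected = SCHEMA_IDS.get(bom.get("specVersion"))
    if expected is None:
        problems.append(f"unknown specVersion {bom.get('specVersion')!r}")
    elif bom.get("$schema") != expected:
        problems.append(f"$schema {bom.get('$schema')!r} does not match specVersion")
    if not SERIAL_RE.fullmatch(bom.get("serialNumber", "")):
        problems.append("serialNumber is not a urn:uuid")
    for comp in bom.get("components", []):
        if comp.get("type") == "file" and not any(
            h.get("alg") == "SHA-256" for h in comp.get("hashes", [])
        ):
            problems.append(f"file component {comp.get('name')!r} has no SHA-256 hash")
    return problems


def make_sample_files():
    """Constructed sample input: a fake DLL and a config file in a temp directory."""
    directory = tempfile.mkdtemp(prefix="cdx-files-")
    samples = {"acme.dll": b"MZ\x90\x00fake dll bytes", "acme.conf": b"hello"}
    for name, data in samples.items():
        with open(os.path.join(directory, name), "wb") as fh:
            fh.write(data)
    return [os.path.join(directory, name) for name in samples]


if __name__ == "__main__":
    files = make_sample_files()
    bom = build_bom(files, "1.3", known_versions={"acme.dll": "1.0.0"})
    print(json.dumps(bom, indent=2))
    print("problems:", check_bom(bom))
```

The DLL gets its real version while the config file, which has none, is pinned by its digest; either way the hashes array carries the same digest, so a consumer can verify the file on disk regardless of which convention the producer chose. Swapping "$schema" for the 1.2 $id on a 1.3 document is reported by check_bom, which is exactly the mismatch an IDE would otherwise silently validate against the wrong schema.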
Add example use case that demonstrates differences between a software component and hash with additional external reference distribution hashes.
Hello,
It would be nice if we could filter tools with several tags on the tool center
ex: looking for Build-integration tools which are opensource
Thanks for your work!
See the video:
System:
Safari Version 16.3 (18614.4.6.1.5)
macOS Ventura 13.2 (arm64)