-
Notifications
You must be signed in to change notification settings - Fork 16
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support enriching SPDX SBOMs #3
Comments
Hey @garethr Some questions:
|
Good questions:
|
Not being a Go programmer myself, I won't be able to contribute code - but I can point you to some libraries supported by the SPDX community that may be helpful. My apologies if this is already known info.
Ping me if you have any SPDX questions and I'd be glad to help. |
Draft PR open here: #20 |
@garethr I had a play with the brute-force idea in this draft PR. It lead me to believe that we need to extend the interface beyond just bytes and ask consumers to specify the given format, I see too many cons otherwise. WDYT? |
@garethr I tend to agree with @mcombuechen - the brute force could be problematic. |
@garethr Should we close this issue? |
Now shipped in v0.2.0 |
Currently
parlay
only support CycloneDX. Implementing for SPDX would be useful, though not all information may be applicable to the SPDX spec.The text was updated successfully, but these errors were encountered: