Ensure we have dependency vulnerability links for the items in the SBoM, or document where not available #3962

Open
Tracked by #3952
sxa opened this issue Sep 30, 2024 · 0 comments
Labels
enhancement Issues that enhance the code or documentation of the repo in any way

sxa commented Sep 30, 2024

From discussion in the secure dev call:

We should see if we can obtain pURLs needed for gcc etc. in order to link it back to be able to look up CVEs related to the product version. The investigation will need to identify where that information is stored for each project. Also can we obtain SBoMs for the dependencies which have been identified and catalogued in the SBoM?

Part of SSDF PS4.1

@sxa sxa added the enhancement Issues that enhance the code or documentation of the repo in any way label Sep 30, 2024
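
As an added example (not code from this project or from the issue author), one way to check which SBoM entries already carry a vulnerability lookup key and which link to an upstream SBoM. It assumes a CycloneDX-style JSON layout (`components`, `purl`, `cpe`, `externalReferences` entries of type `bom`); the sample data and the function names are constructed for illustration.

```python
# Constructed sample (not a real project SBOM), CycloneDX-style layout assumed:
# one component with a pURL, one with only a CPE, two with neither.
SAMPLE_SBOM = {
    "bomFormat": "CycloneDX",
    "components": [
        {"name": "example-compiler", "version": "1.2.3",
         "purl": "pkg:generic/example-compiler@1.2.3",
         "externalReferences": [
             {"type": "bom", "url": "https://example.invalid/compiler.cdx.json"}]},
        {"name": "example-libc", "version": "2.0",
         "cpe": "cpe:2.3:a:example:example-libc:2.0:*:*:*:*:*:*:*",
         "components": [{"name": "example-bundled", "version": "0.1"}]},
        {"name": "example-docs"},
    ],
}


def walk(components, path=""):
    """Yield (path, component) for every component, including nested ones."""
    for comp in components or []:
        here = f"{path}/{comp.get('name', '?')}"
        yield here, comp
        yield from walk(comp.get("components"), here)


def audit(sbom):
    """Return one row per component saying which lookup keys it carries."""
    rows = []
    for path, comp in walk(sbom.get("components")):
        refs = comp.get("externalReferences") or []
        rows.append({
            "component": path,
            "version": comp.get("version"),
            "purl": bool(comp.get("purl")),
            "cpe": bool(comp.get("cpe")),
            "upstream_sbom": any(r.get("type") == "bom" for r in refs),
        })
    return rows


def missing_vuln_link(sbom):
    """Components with neither a pURL nor a CPE: add one or document why not."""
    return [r["component"] for r in audit(sbom) if not (r["purl"] or r["cpe"])]


if __name__ == "__main__":
    for row in audit(SAMPLE_SBOM):
        print(row)
    print("no vulnerability link:", missing_vuln_link(SAMPLE_SBOM))
```

The list returned by `missing_vuln_link` is the set of entries that would need either an identifier or a documented reason for its absence.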
Projects
Status: Todo
Development

No branches or pull requests

1 participant