Can BOM files be hybrid #338

Answered by stevespringett
omerfinger asked this question in Q&A
It is common to have a BOM that contains vulnerability information (VDR) as many security tools, especially SCA, produce such output. See https://cyclonedx.org/capabilities/vdr/

Optionally the analysis section can be done as well, but is much less prevalent. See https://cyclonedx.org/capabilities/vex/

Answer selected by jkowalleck
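
The hybrid layout the answer describes can be checked mechanically. The following is an added example, not part of the original answer or of any CycloneDX tooling: it reports whether a CycloneDX JSON BOM carries an inventory, vulnerability entries (VDR) and analysis (VEX), and flags `affects` refs that match no local `bom-ref`. The sample BOM, its identifiers and the `summarize_bom` helper are constructed for illustration, and a flat `components` list is assumed.

```python
import json

# Constructed sample: one BOM holding an inventory (SBOM), vulnerability
# entries (VDR) and an analysis for one of them (VEX). All values are made up.
SAMPLE_BOM = json.loads("""
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "components": [
    {"bom-ref": "pkg:a", "type": "library", "name": "lib-a", "version": "1.0.0"},
    {"bom-ref": "pkg:b", "type": "library", "name": "lib-b", "version": "2.3.1"}
  ],
  "vulnerabilities": [
    {"id": "EXAMPLE-0001", "affects": [{"ref": "pkg:a"}],
     "analysis": {"state": "not_affected", "justification": "code_not_reachable"}},
    {"id": "EXAMPLE-0002", "affects": [{"ref": "pkg:b"}]},
    {"id": "EXAMPLE-0003", "affects": [{"ref": "pkg:missing"}]}
  ]
}
""")

def summarize_bom(bom):
    """Report which capabilities a CycloneDX JSON BOM carries and list
    vulnerability 'affects' refs that match no bom-ref in this document."""
    # Assumption: components are a flat list (nested components are not walked).
    comps = bom.get("components", []) + [bom.get("metadata", {}).get("component", {})]
    refs = {c["bom-ref"] for c in comps if "bom-ref" in c}
    vulns = bom.get("vulnerabilities", [])
    analyzed, pending, dangling = [], [], []
    for v in vulns:
        state = v.get("analysis", {}).get("state")
        (analyzed if state else pending).append(v.get("id"))
        for target in v.get("affects", []):
            # A non-local ref may point into another BOM; surface it for review.
            if target.get("ref") not in refs:
                dangling.append((v.get("id"), target.get("ref")))
    return {
        "inventory": bool(bom.get("components")),
        "vdr": bool(vulns),
        "vex": bool(analyzed),
        "analyzed": analyzed,
        "pending": pending,
        "dangling_refs": dangling,
    }

if __name__ == "__main__":
    print(json.dumps(summarize_bom(SAMPLE_BOM), indent=2))
```
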