Skip to content

adding SecureSBOM to tools.json #69

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

adding SecureSBOM to tools.json #69

wants to merge 4 commits into from

Conversation

@VinnyBarton
Copy link

No description provided.

@VinnyBarton VinnyBarton requested a review from a team as a code owner September 9, 2025 10:26
jkowalleck
jkowalleck reviewed Sep 9, 2025
View reviewed changes
tools.json Outdated
],
"functions": [
"ANALYSIS",
"PACKAGE_MANAGER_INTEGRATION",
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

package manager integration?
could you elaborate on this feature?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for reviewing @jkowalleck

SecureSBOM has a standalone GitHub Action: https://github.com/shiftleftcyber/secure-sbom-action. In addition we are also close to releasing a standalone SDK that can easily be integrated into various build systems (ie: Jenkins, Bitbucket...). Since "build system" is mentioned in the description of PACKAGE_MANGER_INTEGRATION, I included it in the array.

"PACKAGE_MANAGER_INTEGRATION": "Tools that integrate with build systems and package managers.",

If I am mistaken I would be happy to remove.

@jkowalleck
Copy link
Member

this PR has conflicts

VinnyBarton and others added 2 commits September 16, 2025 06:43
@VinnyBarton
adding SecureSBOM to tools.json
d8bcf6a 
Signed-off-by: Vinny Barton <[email protected]>
@ahmadnassri @VinnyBarton
feat: add socket.dev
5074e11 
Signed-off-by: Ahmad Nassri <[email protected]>
@VinnyBarton VinnyBarton force-pushed the feature/addSecureSBOMToToolCenter branch from f0c2ab5 to 5074e11 Compare September 16, 2025 10:44
@jkowalleck
Copy link
Member

we've changed how the tools.json is managed.
since now, each tool has its own json file in https://github.com/CycloneDX/tool-center/tree/main/tools
please revert your changes to tools.json, and add a dedicated fiele in the tools folder.

@jkowalleck jkowalleck marked this pull request as draft September 25, 2025 16:18
@jkowalleck jkowalleck self-requested a review September 30, 2025 14:09
@jkowalleck jkowalleck marked this pull request as ready for review September 30, 2025 14:09
@jkowalleck jkowalleck marked this pull request as draft October 31, 2025 08:01
jkowalleck
jkowalleck reviewed Oct 31, 2025
View reviewed changes
tools/securesbom.json
],
"functions": [
"ANALYSIS",
"PACKAGE_MANAGER_INTEGRATION",
Copy link
Member

@jkowalleck jkowalleck Oct 31, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

remove, as discussed here: #69 (comment)

Suggested change
"PACKAGE_MANAGER_INTEGRATION",

@jkowalleck jkowalleck marked this pull request as ready for review October 31, 2025 08:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jkowalleck jkowalleck jkowalleck left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@VinnyBarton @jkowalleck @ahmadnassri