-
Notifications
You must be signed in to change notification settings - Fork 21
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Align rules with OWASP SCVS initiative #20
Comments
Duplicates #93 |
Hey @surendrapathak , I went through official docs of SCVS. Just to give an overview it, Software Component Verification Standard is a group of controls and separated by control family. It has 6 control families and each control families has sub-control families with 3 levels:
Whereas L1, L2, L3 means:
So, basically we need to check whether these different control families of SCVS i.e. from V1 to V6 adhere to SBOM or not using |
Few question :
|
V2: Software Bill of Materials (SBOM) RequirementsControl Objective:Create accurate, machine-readable SBOMs automatically in the build pipeline. Multiple formats might be necessary to meet different requirements. Key Controls:
|
I wanted to discuss few things related to features of scvs:
|
|
OWASP SCVS is formalizing verification requirements for SBOMs.
sbomqs rules to test SBOM against as well output should be aligned to meet the proposed checks in SCVS.
The text was updated successfully, but these errors were encountered: