sbom import #6964
Comments
What part of the documentation makes you suspect that OWASP Dependency Checker will currently be consuming an SBOM? This project does not use an SBOM as an input format. It can consume various build-tool dependency configurations (e.g. package(-lock).json, Maven pom.xml) and will try deriving library coordinates from binaries (jar files, DLL files) and JavaScript files.
Hi @marcelstoer and @aikebah, thanks for the reply. I guess I misunderstood; now it's clear that Dependency-Check won't import an SBOM. Is there any other open source tool which I can use? I already tried Grype and Dependency-Track.
Those are both good candidates. You might want to take a look at https://github.com/owasp-dep-scan/dep-scan as well. --> this issue should be closed
Thanks.
Hello, I am trying to import an SBOM in a JSON file and I am using this command to import it: ./cli/target/release/bin/dependency-check.sh --out . --scan /home/asad/a/file.json
But when I check the report, it says no vulnerabilities detected, although I know it has vulnerable components, which I already checked.
Can anyone tell me what could be the problem?
Thanks.
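
A pre-flight check for the situation in this thread, as an added example (not code from Dependency-Check or from any commenter): it detects when a scan target is a CycloneDX or SPDX JSON SBOM, which Dependency-Check does not read as input, so an empty report is not mistaken for a clean result. The function names and the sample documents are constructed for illustration.

```python
import json

def classify_sbom(doc):
    """Return 'CycloneDX', 'SPDX' or None for a parsed JSON document."""
    if not isinstance(doc, dict):
        return None
    if doc.get("bomFormat") == "CycloneDX":
        return "CycloneDX"
    if str(doc.get("spdxVersion", "")).startswith("SPDX-"):
        return "SPDX"
    return None

def list_components(doc):
    """Return (name, version, purl) tuples from a CycloneDX or SPDX JSON SBOM."""
    kind, found = classify_sbom(doc), []
    if kind == "CycloneDX":
        queue = list(doc.get("components", []))
        while queue:  # CycloneDX components may nest further components
            comp = queue.pop(0)
            found.append((comp.get("name"), comp.get("version"), comp.get("purl")))
            queue.extend(comp.get("components", []))
    elif kind == "SPDX":
        for pkg in doc.get("packages", []):
            purl = next((ref.get("referenceLocator")
                         for ref in pkg.get("externalRefs", [])
                         if ref.get("referenceType") == "purl"), None)
            found.append((pkg.get("name"), pkg.get("versionInfo"), purl))
    return found

def preflight(text):
    """Report whether the text of a scan target is an SBOM, and what it lists."""
    try:
        doc = json.loads(text)
    except ValueError:  # not JSON at all
        return {"sbom": None, "components": []}
    return {"sbom": classify_sbom(doc), "components": list_components(doc)}

# Constructed sample inputs (not taken from the issue).
SAMPLE_CYCLONEDX = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.5",
    "components": [{"name": "example-lib", "version": "1.0.0",
                    "purl": "pkg:npm/example-lib@1.0.0",
                    "components": [{"name": "nested-lib", "version": "2.3.4",
                                    "purl": "pkg:npm/nested-lib@2.3.4"}]}]})
SAMPLE_PACKAGE_JSON = json.dumps({"name": "app", "dependencies": {"example-lib": "1.0.0"}})

if __name__ == "__main__":
    for label, text in (("sbom", SAMPLE_CYCLONEDX), ("manifest", SAMPLE_PACKAGE_JSON)):
        print(label, preflight(text))
```

When `preflight` reports an SBOM, the listed package URLs are what an SBOM-aware scanner such as the ones named in the replies would evaluate.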