No Supplier for each component within SBOM #2993
Comments
This is not required to make a valid SBOM. It is required for NTIA minimum elements. The challenge we have here is that we simply don't have supplier information present in the scan target for everything. However, we are including supplier, in many cases if we found this information. Is there something else you are looking for? Could you provide more information: what package ecosystem, what output format, sample images you expect to have suppliers, etc.? |
|
I'm going to close this issue, as I believe it's a duplicate of #1961. If that's not correct, please let me know! And if you have some examples to provide to help us make sure we're surfacing supplier information for ecosystems, please do let us know that as well. |
What would you like to be added:
Please add "Supplier" to each component.
Why is this needed:
The Supplier is needed to make SBOM valid.
Additional context:
The text was updated successfully, but these errors were encountered: