Loading...

XML

Word

Printable

Type: Epic
Resolution: Unresolved
Priority: Major
Fix Version/s: None
Affects Version/s: None
Component/s: indexer, indexer-api, matcher, matcher-api
Labels:
None

Epic Name:
SBoM
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Epic Status:
In Progress
Hierarchy Progress Bar:

36% To Do, 64% In Progress, 0% Done

SFDC Cases Links:
SFDC Cases Open:
SFDC Cases Counter:

Intelligence Requested:
Market:

This is the overarching Epic to contain work on:

producing SPDX SBoMs
consuming SPDX SBoMs

Some requirements:

We should be able to consume our own SBoMs
We should be able to consume other Red Hat produced SPDX SBoMs (or have clear explanations for the missing information)

depends on

CLAIRDEV-174 claircore: examine needed database changes to record package "system" type

Refinement

is Informed by

CLAIRDEV-179 docs: document that Konflux SBoMs include every arch

Refinement

relates to

ROX-30588 Claircore SBOM decode API

New

CLAIRDEV-16 claircore: support purls throughout

To Do

Assignee:: Unassigned

Reporter:: Henry Donnay

Contributors:: Brad Lugo, Joseph Crosland

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2025/10/27 8:22 PM

Updated:: 2025/10/30 9:38 PM