Re: [OPSAWG] 2nd try: how many SBOMs do we need to locate and discover?

2021-04-15 Thread Eliot Lear
> from third party information. > Press Enter to continue vulnerability search, s to skip to next component or > q to exit: > > Thanks, > > Dick Brooks > > Never trust software, always verify and report! ™ > http://www.reliableenergyanalytics.com > Ema

Re: [OPSAWG] 2nd try: how many SBOMs do we need to locate and discover?

2021-04-14 Thread Patrick Dwyer
Comparing the SBOM you've been given to upstream SBOMs is one that springs to mind. Especially if any sort of analysis/audit has been done to augment the SBOM. But in that case they would be referenced inside the SBOM you're looking at. On Thu, Apr 15, 2021 at 1:41 AM Eliot Lear wrote: > It

Re: [OPSAWG] 2nd try: how many SBOMs do we need to locate and discover?

2021-04-14 Thread Dick Brooks
iableenergyanalytics.com Tel: +1 978-696-1788 -Original Message- From: OPSAWG On Behalf Of Eliot Lear Sent: Wednesday, April 14, 2021 11:41 AM To: opsawg Subject: [OPSAWG] 2nd try: how many SBOMs do we need to locate and discover? It seems that my mail system ate my first attempt at this

[OPSAWG] 2nd try: how many SBOMs do we need to locate and discover?

2021-04-14 Thread Eliot Lear
It seems that my mail system ate my first attempt at this. One of the questions I raised in the opsawg meeting was how many SBOMs we would need to be able to retrieve. I am looking for use cases where there would be more than one. To me, I think the place to look is around VMs and containers,