All, I am looking for some help and guidance from experts on how to validate build SBOMs and check for any false positives.
I have used this Maven plugin to generate an SPDX-format build SBOM for an open source Java project ( https://github.com/wmichalska/CreditManager ): github.com/spdx/spdx-maven-plugin ( https://github.com/spdx/spdx-maven-plugin ). The build SBOM has around 120 lines. For the same codebase, I generated an SBOM by doing a source code scan; this has 10 lines.

Can someone please advise how to validate the build SBOM?

Thanks,
Vishal.

View/Reply Online (#5689): https://lists.spdx.org/g/Spdx-tech/message/5689
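One practical way to start on the question above is to check each SPDX document for structural problems (missing mandatory document fields, relationships pointing at undefined SPDXIDs, no DESCRIBES relationship) and then diff the package sets of the build SBOM and the source-scan SBOM, so that packages appearing only in the build SBOM become the list to verify by hand. The script below is an added example, not the poster's files or spdx-maven-plugin output; the two SPDX 2.3 JSON documents are constructed stand-ins with assumed package names.

```python
import json
from typing import Dict, List, Set, Tuple

# Constructed SPDX 2.3 JSON stand-ins (not real spdx-maven-plugin or scanner output).
# The build SBOM lists a test-scope dependency and one dangling relationship on purpose.
_HEADER = {"spdxVersion": "SPDX-2.3", "dataLicense": "CC0-1.0", "SPDXID": "SPDXRef-DOCUMENT",
           "creationInfo": {"created": "2024-01-01T00:00:00Z", "creators": ["Tool: example"]}}
BUILD_SBOM = json.dumps({**_HEADER, "name": "creditmanager-build",
    "documentNamespace": "https://example.invalid/spdx/build",
    "packages": [
        {"SPDXID": "SPDXRef-app", "name": "creditmanager", "versionInfo": "1.0"},
        {"SPDXID": "SPDXRef-web", "name": "spring-boot-starter-web", "versionInfo": "2.7.0"},
        {"SPDXID": "SPDXRef-junit", "name": "junit-jupiter", "versionInfo": "5.8.2"}],
    "relationships": [
        {"spdxElementId": "SPDXRef-DOCUMENT", "relatedSpdxElement": "SPDXRef-app", "relationshipType": "DESCRIBES"},
        {"spdxElementId": "SPDXRef-app", "relatedSpdxElement": "SPDXRef-web", "relationshipType": "DEPENDS_ON"},
        {"spdxElementId": "SPDXRef-app", "relatedSpdxElement": "SPDXRef-missing", "relationshipType": "DEPENDS_ON"}]})
SOURCE_SBOM = json.dumps({**_HEADER, "name": "creditmanager-source",
    "documentNamespace": "https://example.invalid/spdx/source",
    "packages": [
        {"SPDXID": "SPDXRef-app", "name": "creditmanager", "versionInfo": "1.0"},
        {"SPDXID": "SPDXRef-web", "name": "spring-boot-starter-web", "versionInfo": "2.7.0"}],
    "relationships": [
        {"spdxElementId": "SPDXRef-DOCUMENT", "relatedSpdxElement": "SPDXRef-app", "relationshipType": "DESCRIBES"}]})

REQUIRED_DOC_FIELDS = ("spdxVersion", "dataLicense", "SPDXID", "name", "documentNamespace", "creationInfo")

def structural_issues(doc: Dict) -> List[str]:
    """Cheap consistency checks on one SPDX 2.x JSON document (not a full schema validation)."""
    issues = [f"missing document field: {f}" for f in REQUIRED_DOC_FIELDS if f not in doc]
    known = {doc.get("SPDXID"), "NONE", "NOASSERTION"} | {p.get("SPDXID") for p in doc.get("packages", [])}
    for p in doc.get("packages", []):
        if not p.get("versionInfo"):
            issues.append(f"package {p.get('name')} has no versionInfo")  # unversioned entries cannot be matched to CVEs
    for r in doc.get("relationships", []):
        for key in ("spdxElementId", "relatedSpdxElement"):
            if r.get(key) not in known:
                issues.append(f"relationship references undefined element {r.get(key)}")
    if not any(r.get("relationshipType") == "DESCRIBES" for r in doc.get("relationships", [])):
        issues.append("no DESCRIBES relationship from the document")
    return issues

def package_keys(doc: Dict) -> Set[Tuple[str, str]]:
    return {(p.get("name", ""), p.get("versionInfo", "")) for p in doc.get("packages", [])}

def compare_sboms(build_json: str, source_json: str) -> Dict[str, list]:
    """Structural issues per document plus the package diff; 'only_in_build' are the entries to verify."""
    build, source = json.loads(build_json), json.loads(source_json)
    return {"build_issues": structural_issues(build), "source_issues": structural_issues(source),
            "only_in_build": sorted(package_keys(build) - package_keys(source)),
            "only_in_source": sorted(package_keys(source) - package_keys(build))}

if __name__ == "__main__":
    print(json.dumps(compare_sboms(BUILD_SBOM, SOURCE_SBOM), indent=1))
```

A build-only entry is not automatically a false positive: test- or build-scope dependencies legitimately appear in a Maven build SBOM and not in a source scan, so each item in `only_in_build` should be traced back to the pom.xml scope that pulled it in.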
