Updated git stats db
Updated downloads per month badge
Bumped dev deps (types-Markdown==3.7.0.20241204)
Tree shaking for the minimal viable software bill of materials (SBOM).
User and developer documentation of sbom.
Any feature requests or bug reports shall go to the todos of sbom.
The main source of sbom
is on a mountain in central Switzerland.
We use distributed version control (git).
There is no central hub.
Every clone can become a new source for the benefit of all.
The preferred public clone of sbom
is:
Please do not submit "pull requests" (I found no way to disable that "feature" on GitHub). If you like to share small changes under the repositories license please kindly do so by sending a patchset. You can either send such a patchset per email using git send-email or if you are a sourcehut user by selecting "Prepare a patchset" on the summary page of your fork at sourcehut.
Please kindly submit issues at https://todo.sr.ht/~sthagen/sbom or write plain text email to ~sthagen/sbom@lists.sr.ht to submit patches and request support. Thanks.
Experimental.
The current implementation SHALL only digest trustworthy data.
Schema validation of JSON and XML formats requires specific measures to
minimize vulnerabilities.
For example: The python xml parser implementation (etree) in
use is presumably vulnerable against some attacks like billion laughs
and quadratic blowup.
Plans are to move towards a safer implementation like defusedxml
or any other hardened implementation.
The situation is similar for the JSON formats.
In summary and repeating the obvious:
The current implementation SHALL only digest trustworthy data.
Note: The default branch is default
.