Skip to content

CBOM: Add CycloneDX v1.6 support for cryptographic assets #3145

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
2 tasks done
stevespringett opened this issue Oct 26, 2023 · 3 comments
Open
2 tasks done

CBOM: Add CycloneDX v1.6 support for cryptographic assets #3145

stevespringett opened this issue Oct 26, 2023 · 3 comments
Assignees
@n1ckl0sk0rtge
Labels
cdx-1.6 Related to CycloneDX specification v1.6 enhancement New feature or request p2 Non-critical bugs, and features that help organizations to identify and reduce risk
Milestone
5.x

Comments

@stevespringett
Copy link
Member

Current Behavior

Currently, Dependency-Track does not support cryptographic assets.

Proposed Behavior

Add support for cryptographic assets and their dependencies once CycloneDX v1.6 is released.

  • Display cryptographic assets in inventory
  • Display cryptographic assets in dependency graph
  • Display cryptographic-specific fields in component view and modal dialogs
  • Add support for dependency types (display on dependency graph)

NOTE: May be able to reach out to IBM Quantum for a git patch or PR, as they've performed an internal fork of DT that adds support for some of these things already.

Checklist
@stevespringett stevespringett added enhancement New feature or request p2 Non-critical bugs, and features that help organizations to identify and reduce risk cdx-1.6 Related to CycloneDX specification v1.6 labels Oct 26, 2023
@VinodAnandan VinodAnandan added this to the 5.x milestone Jun 10, 2024
@n1ckl0sk0rtge
Copy link

n1ckl0sk0rtge commented Jun 11, 2024
edited
Loading

@stevespringett @VinodAnandan could you assign this issue to me, would like to work on it.

FYI @san-zrl

@dshafranskiy-r7
Copy link

@n1ckl0sk0rtge do you have any ETA on that feature being implemented ?

@n1ckl0sk0rtge
Copy link

Hi @dshafranskiy-r7, not yet, but we are working on it, see

Together with the Dependency Track maintainers, we decided to implement this feature for Dependency Track 5.x.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@n1ckl0sk0rtge n1ckl0sk0rtge

Labels
cdx-1.6 Related to CycloneDX specification v1.6 enhancement New feature or request p2 Non-critical bugs, and features that help organizations to identify and reduce risk
Projects
None yet
Milestone
5.x
Development

No branches or pull requests
4 participants
@stevespringett @n1ckl0sk0rtge @VinodAnandan @dshafranskiy-r7