minor: add sbom and vex on security page #3202
Draft
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
There was a problem hiding this comment.
Pull Request Overview
This PR adds documentation for BalenaOS Software Bill of Materials (SBOM) and Vulnerability EXchange (VEX) files to the security page.
- Introduces a new SBOM and VEX section explaining file formats and usage.
- Describes how to find
bom.jsonandvex.jsonassets for releases. - Mentions compatibility with the CycloneDX tooling ecosystem.
Comments suppressed due to low confidence (3)
pages/learn/welcome/security.md:93
- Rephrase this sentence for clarity and correct style: use parentheses or em dashes consistently, capitalize JSON, remove the extra ‘the’, and simplify phrasing. E.g., "BalenaOS provides a Software Bill of Materials (SBOM) in the machine-readable, human-friendly CycloneDX 1.4 JSON format, which lists all components that compose the OS and their fixed vulnerabilities."
BalenaOS provides Software Bill of Materials (SBOM) in the - machine readable, but human friendly - CycloneDX 1.4 json format. Those files can be used to determine the versions of the all the components that composes the OS, and the known fixed vulnerabilities.
pages/learn/welcome/security.md:99
- There's an unmatched closing parenthesis at the end. Remove the extra
)or adjust punctuation so the parentheses enclose only the intended fragment.
`bom.json` and `vex.json` files can be found in the asset list of an OS release page (under the `cyclonedx` folder); click the `HOST OS VERSION` of a device to go to that page).
pages/learn/welcome/security.md:101
- This is a run-on sentence. Consider splitting into two sentences or using a semicolon after “analysis” for clearer separation of clauses.
SBOM and VEX are compatible with the cyclonedx ecosystem of software composition analysis, a list of tools (open-source and proprietary) can be found on [cyclonedx.org tool center](https://cyclonedx.org/tool-center/).
aethernet
force-pushed
the
aethernet/generate-sbom
branch
from
3218e36 to
0542672
Compare
Co-authored-by: Matthew Yarmolinsky <[email protected]>
Co-authored-by: Matthew Yarmolinsky <[email protected]>
Co-authored-by: Matthew Yarmolinsky <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
https://balena.fibery.io/Work/Project/balenaos-SBOM-as-release-asset-1515