Hacker News
by sebazzz 1146 days ago
I use them. With the Microsoft SBOM tool[0] I generate an SBOM (which is unfortunately missing license information) and then feed it to Google OSV scanner to check for vulnerabilities. Not unlike what GitHub Advanced Security does.
[0]: https://github.com/microsoft/sbom-tool
[1]: https://github.com/google/osv-scanner
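
The workflow in the comment above, sketched as an added example (not the commenter's code and not code from either project): it reads an SPDX 2.2 JSON SBOM, lists packages that carry no license data or no package URL, and builds the request body for the OSV API's batch query endpoint. It assumes the SBOM is SPDX JSON with purl external references; the sample document and the function names are constructed for illustration.

```python
import json

# Constructed sample: a minimal SPDX 2.2 JSON document (not real tool output).
SAMPLE_SBOM = json.dumps({
    "spdxVersion": "SPDX-2.2",
    "packages": [
        {"name": "example-app", "versionInfo": "1.0.0",
         "licenseConcluded": "NOASSERTION"},  # root package, no purl
        {"name": "lodash", "versionInfo": "4.17.20",
         "licenseConcluded": "NOASSERTION", "licenseDeclared": "NOASSERTION",
         "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER",
                           "referenceType": "purl",
                           "referenceLocator": "pkg:npm/lodash@4.17.20"}]},
        {"name": "Newtonsoft.Json", "versionInfo": "12.0.3",
         "licenseConcluded": "MIT", "licenseDeclared": "MIT",
         "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER",
                           "referenceType": "purl",
                           "referenceLocator": "pkg:nuget/Newtonsoft.Json@12.0.3"}]},
    ],
})

NO_LICENSE = {None, "NOASSERTION", "NONE"}

def triage_sbom(spdx_text):
    """Split SBOM packages into scannable purls, packages lacking license
    data, and packages with no purl (which cannot be matched by purl)."""
    purls, unlicensed, unscannable = [], [], []
    for pkg in json.loads(spdx_text).get("packages", []):
        purl = next((r.get("referenceLocator")
                     for r in pkg.get("externalRefs", [])
                     if r.get("referenceType") == "purl"), None)
        if not purl:
            unscannable.append(pkg.get("name", "<unnamed>"))
            continue
        purls.append(purl)
        if {pkg.get("licenseConcluded"), pkg.get("licenseDeclared")} <= NO_LICENSE:
            unlicensed.append(purl)
    return sorted(set(purls)), sorted(set(unlicensed)), unscannable

def osv_batch_query(purls):
    """Request body for POST https://api.osv.dev/v1/querybatch; the version
    travels inside each purl, so no separate version field is set."""
    return {"queries": [{"package": {"purl": p}} for p in purls]}

if __name__ == "__main__":
    purls, unlicensed, unscannable = triage_sbom(SAMPLE_SBOM)
    print(json.dumps(osv_batch_query(purls), indent=2))
    print("no license data:", unlicensed)
    print("no purl, not scannable:", unscannable)
```

Packages reported as having no purl are worth reviewing by hand, since a purl-based vulnerability lookup silently skips them.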