Hi!

On 28/3/23 16:36, Olle E. Johansson wrote:
> Hi!
>
> Using the “syft” tool from Anchore I created an SBOM for a server with Kamailio installed from Debian. The result is quite interesting. Some notes:
>
> - For each component (Debian package) a list of licenses is made.
> - The CPEs - filters for matching with NVD - are based on the Debian package names, which is incorrect.
>
> I will try with a newer system, like Debian Bullseye. My question is if we can fix this somehow by modifying meta data in our packages.

The information of licenses in packaging is at debian/copyright [0]

[0] https://github.com/kamailio/kamailio/blob/master/pkg/kamailio/deb/debian/copyright

--
Victor Seva
[email protected]
PGP Key ID: 0x51A09B18CF5A5068
Debian Developer
_______________________________________________
Kamailio (SER) - Development Mailing List
To unsubscribe send an email to [email protected]
