sboms
0 rows where organisation = "tanna.dev", platform = "gitlab" and repo = "gitlab-example-security-reports" sorted by rowid
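-- One row per (SBOM, dependency) pair. `component_name` identifies the SBOM
-- the dependency was found in; the remaining columns describe the dependency.
CREATE TABLE sboms (
    -- component_name is the name of the component that this SBOM describes, as
    -- can be determined from the metadata.
    --
    -- For instance:
    --
    -- - in SPDX v2.3 this would be `$.name`
    -- - in CycloneDX v1.4 this would be `$.metadata.component.name`
    --
    -- If no result can be found for the given SBOM, the basename of the filename
    -- will be used, for instance:
    --
    --   filename: $HOME/Downloads/another-path/sample.spdx.json
    --   component_name: sample.spdx.json
    --
    -- NOTE that the `component_name` is treated as the unique identifier for a
    -- given SBOM and is used to deduplicate findings. The basename fallback is
    -- not globally unique: two unrelated SBOMs that share a filename (and carry
    -- no name in their metadata) collide on this key, and the later ingest
    -- overwrites the earlier one's rows via the ON CONFLICT REPLACE clause below.
    component_name TEXT NOT NULL,
    -- what package is this?
    package_name TEXT NOT NULL,
    -- version indicates the version of this dependency.
    --
    -- NOTE this could be a version constraint, such as any of:
    --
    --   <=1.3.4,>=1.3.0
    --   "~> 0.9"
    --   latest
    --   ^2.0.6
    --   =1.0.4
    --   (NULL)
    --
    -- As well as a specific value, such as:
    --
    --   1.0.4
    --   10
    --   latest
    --
    -- This versioning will be implementation-specific for the `package_manager`
    -- in use.
    --
    -- NOTE that due to the quality of the tool producing the SBOM, this field
    -- may be NULL. Consumers must not assume it parses as a single version.
    version TEXT,
    -- current_version defines the current version that this package's `version`
    -- resolves to.
    --
    -- If the `version` is an exact version number, such as `1.0.4`, then
    -- `current_version` will usually be the same value, `1.0.4`.
    --
    -- NOTE that due to the quality of the tool producing the SBOM, this field
    -- may be NULL, or this may not be an exact value, but a version constraint
    -- similar to `version`.
    current_version TEXT,
    -- package_type most commonly relates to the "Type" field of a Package URL
    -- (as defined by https://github.com/package-url/purl-spec), which may be a
    -- package ecosystem or package manager type
    package_type TEXT NOT NULL,
    -- package_url is the Package URL (as defined by
    -- https://github.com/package-url/purl-spec), for the given dependency
    package_url TEXT NOT NULL,
    -- Deduplicate findings within a single SBOM. ON CONFLICT REPLACE is
    -- SQLite-specific: on a conflict it deletes the existing row and inserts the
    -- new one, so re-ingesting an SBOM silently replaces its earlier rows instead
    -- of failing. The replaced row gets a fresh rowid, so rowid is not a stable
    -- reference for a finding; key on the four columns below instead.
    CONSTRAINT sboms_component_package_unique
        UNIQUE (component_name, package_name, package_type, package_url)
        ON CONFLICT REPLACE
);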