Merge branch 'master' into syft-bitbucket-pipe

Signed-off-by: Jan Kowalleck <jan.kowalleck@owasp.org>

.github/workflows/validate_tools_yaml.yml

@@ -0,0 +1,21 @@
+name: validate tools yaml
+
+on:
+  pull_request:
+    paths: ["_data/tools.yml"]
+  push:
+    paths: ["_data/tools.yml"]
+  workflow_dispatch:
+
+permissions: read-all
+
+jobs:
+  lint-yaml:
+    runs-on: ubuntu-latest
+    steps:
+      - name: install yamale
+        run: pip install 'yamale>=5.2.1,<6'
+      - name: checkout
+        uses: actions/checkout@v4
+      - name: lint tools yaml
+        run: yamale -s _data/.schema/tools.schema.yaml  _data/tools.yml

Gemfile.lock

@@ -59,8 +59,8 @@ GEM
     rb-fsevent (0.11.1)
     rb-inotify (0.10.1)
       ffi (~> 1.0)
-    rexml (3.2.8)
-      strscan (>= 3.0.9)
+    rexml (3.3.3)
+      strscan
     rouge (3.28.0)
     safe_yaml (1.0.5)
     sassc (2.4.0)

_data/.schema/tools.schema.yaml

@@ -0,0 +1,29 @@
+# yamale schema syntax: https://github.com/23andMe/Yamale#schema
+list(include('tool'))
+
+---
+
+tool:
+  name: str()
+  publisher: str()
+  description: str() # all after 250 chars is truncated
+  repoUrl: str(required=False)
+  websiteUrl: str(matches='^https?://.+')
+  categories: list(include('category'))
+
+# see _data/tool-categories.yml
+category: >
+  enum(
+  'opensource',
+  'proprietary',
+  'build-integration',
+  'analysis',
+  'author',
+  'github-action',
+  'github-app',
+  'transform',
+  'library',
+  'signing-notary',
+  'distribute'
+  )
+

_data/tools.yml

@@ -1,4 +1,8 @@
 ---
+
+# `description` will be truncated at 250 characters
+# `categories` values may be the keys from `tool-categories.yml` file
+
 - name: CycloneDX Core for Java
   publisher: CycloneDX
   description: Library which facilitates the creation of SBOMs from Java objects,
@@ -783,7 +787,7 @@
   websiteUrl: https://github.com/conan-io/conan-extensions
   categories:
   - opensource
-  - build-integration  
+  - build-integration
 - name: Checkov
   publisher: Checkov
   description: Prevent cloud misconfigurations during build-time for Terraform, Cloudformation,
@@ -1708,7 +1712,7 @@
   websiteUrl: https://github.com/nscuro/cdx-central
   categories:
     - opensource
-    - distribution
+    - distribute
 - name: cdx-vs-cdx
   publisher: marcosanchotene
   description: GUI tool to compare two SBOMs in CycloneDX JSON format.
@@ -1800,10 +1804,10 @@
   - distribute
   - build-integration
   - proprietary
-  - gitHub-app
+  - github-app
   - analysis
   - author
-- name: Athena 
+- name: Athena
   publisher: Medical Aegis Inc
   description: Athena is a SaaS solution for medical device makers that overlays the product development lifecycle to address risks before devices go to market.
   websiteUrl: https://medicalaegis.com
@@ -1884,7 +1888,7 @@
   categories:
   - opensource
   - analysis
-  - distribution
+  - distribute
 - name: SUM Platform
   publisher: Security Pattern
   description: SBOM management and vulnerability monitoring platform for IoT and embedded systems. Show compliance to regulations and standards and manage risk across the entire product lifecycle.
@@ -1947,7 +1951,7 @@
   - author
   - build-integration
   - distribute
-  - gitHub-app
+  - github-app
   - github-action
 - name: cyclonedx_deps_to_mermaid.xsl
   publisher: Jan Kowalleck
@@ -1965,6 +1969,22 @@
   categories:
   - build-integration
   - opensource
+- name: Meta Package Manager
+  publisher: Kevin Deldycke
+  description: Export a SBOM of all packages installed on a Linux, macOS or Windows system.
+  websiteUrl: https://github.com/kdeldycke/meta-package-manager
+  repoUrl: https://github.com/kdeldycke/meta-package-manager
+  categories:
+  - build-integration
+  - opensource
+- name: BOMSkope
+  publisher: Netskope
+  description: BOMSkope is a web-based Software Bill of Materials manager designed to streamline the tracking of vendor components. It enables the identification and monitoring of potential vulnerabilities in vendor software, enhancing visibility into your overall security posture.
+  websiteUrl: https://github.com/netskopeoss/BOMSkope
+  repoUrl: https://github.com/netskopeoss/BOMSkope
+  categories:
+  - analysis
+  - opensource
 - name: Bitbucket Pipe for SBOM Generation
   publisher: ccideas
   description: Integrate this Bitbucket Pipe into your CI/CD pipeline to automatically generate a
@@ -1974,3 +1994,6 @@
   categories:
     - opensource
     - build-integration
+
+# `description` will be truncated at 250 characters
+# `categories` values may be the keys from `tool-categories.yml` file

_redirects

@@ -31,6 +31,16 @@
 /docs/latest/xml /docs/1.6/xml/ 302
 /docs/latest/xml/ /docs/1.6/xml/ 302
 
+/schema/spdx /schema/spdx.xsd 302
+/schema/bom /schema/bom-1.6.xsd 302
+/schema/bom/1.0 /schema/bom-1.0.xsd 302
+/schema/bom/1.1 /schema/bom-1.1.xsd 302
+/schema/bom/1.2 /schema/bom-1.2.xsd 302
+/schema/bom/1.3 /schema/bom-1.3.xsd 302
+/schema/bom/1.4 /schema/bom-1.4.xsd 302
+/schema/bom/1.5 /schema/bom-1.5.xsd 302
+/schema/bom/1.6 /schema/bom-1.6.xsd 302
+
 /schema/bom-1.2a.schema.json /schema/bom-1.2-strict.schema.json 302
 /schema/bom-1.2b.schema.json /schema/bom-1.2-strict.schema.json 302
 /schema/bom-1.3a.schema.json /schema/bom-1.3-strict.schema.json 302

about/working-groups/working-groups.json

@@ -4642,5 +4642,19 @@
     "categories": [
       "contributors"
     ]
+  },
+  {
+    "displayName": "Sergey Khokhlov",
+    "lastName": "Khokhlov",
+    "headshot": "sergey-khokhlov.jpg",
+    "organization": null,
+    "description": null,
+    "twitter": null,
+    "linkedin": "skhokhlov",
+    "github": "skhokhlov",
+    "homepage": "https://github.com/skhokhlov",
+    "categories": [
+      "maintainers"
+    ]
   }
 ]