Let's get these bugs cleared out and make some enhancements.
Overdue by 1 year(s) • Due by July 31, 2023 • 34/35 issues closed

# SVIP Demo 3

> Final Demo showing SVIP initial capabilities

Open Source Integration and SBOM Visualization

## Demo MVP

- [ ] Generate SBOMs using OSI
- [ ] User selects which relevant OS tools to use
- [ ] Visualize SBOM

## Completed System Requirements

- [ ] 1.1.1 The system shall provide users the option to generate SBOMs using existing Open Source SBOM Generators
- [ ] 1.1.2 The system shall provide the user the option of which supported Open Source SBOM generators to use
- [ ] 1.1.3 The system shall analyze the project source code to determine the metadata, programming languages, and environments to apply the appropriate Open Source SBOM generator.
- [ ] 1.1.4 The system shall leverage the selected Open Source Software (OSS) SBOM generators to create new SBOMs.
- [ ] 1.1.5 An up-to-date list of OSS SBOM generator tools shall be maintained to ensure that all available tools are supported.
- [ ] 1.1.6 The system shall translate and merge SBOMs generated from multiple OSS tools into one unified SBOM.
- [ ] 6.1 The system shall convert the unified SBOM data into a node graph, with each node representing a component in the SBOM.
- [ ] 6.2 Generic nodes shall be created by default, and there shall be an option to create specialized nodes such as for a graph of vendor nodes.
- [ ] 6.3 Node graphs shall be able to model component multi-dependencies and circular dependencies.
- [ ] 6.4 The system shall display the node graph in a high fidelity visualization that maps to the user's mental image of a bill of materials.
- [ ] 6.5 The system shall provide a means for the user to navigate the visualized SBOM graph to follow component relationships.
- [ ] 6.6 The system shall provide a means for the user to view the detailed data for a selected SBOM component.
- [ ] 7.1 The system shall allow users to upload SBOMs at any time
- [ ] 7.2 The system shall confirm with the user before removing any SBOMs
- [ ] 7.3 The system shall allow access to SBOM files at any time
Overdue by 1 year(s) • Due by July 28, 2023 • 1/1 issues closed

# SVIP Demo 2

> Internal Demo showing additional features

Advanced SBOM Generation, Metrics, comparison, merging, view, VEX

## Demo MVP

- [ ] View "pretty" SBOM with doc view
- [ ] Generate SBOMs with Parsers
- [ ] Generate and show list of Metrics
- [ ] Show comparison between SBOMs
- [ ] Merge 2 and 3 SBOMs
- [ ] Apply VEX information to a target SBOM
- [ ] Convert between SBOM formats UI
- [ ] Download CycloneDX 1.4 SBOMs
  - [ ] JSON
  - [ ] XML
- [ ] Download SPDX 2.3 SBOMs
  - [ ] SPDX (tag:value)

## Completed System Requirements

- [ ] 1.2.1 The system shall provide users the option to generate SBOMs using SVIP's SBOM Generator
- [ ] 1.2.2 The system shall utilize existing SCA parsers to scan source code to generate SVIP SBOM Objects
- [ ] 1.2.3 The system shall use package manager files to enhance SBOM Generation
- [ ] 1.2.4 The system shall use various NLP techniques to enhance and improve SBOM Generation
- [ ] 1.3.1 The system shall support CycloneDX 1.4 SBOM output
- [ ] 1.3.2 The system shall support SPDX 2.3 SBOM output
- [ ] 1.3.3 The system shall convert SVIP SBOM objects into CycloneDX and SPDX Standards
- [ ] 2.1 The system shall allow users to merge uploaded SBOMs, regardless of origin format
- [ ] 2.2 The system shall allow users to upload any SBOM, regardless of origin format
- [ ] 2.3 The system shall prompt users to create a new merged SBOM or replace existing SBOM document
- [ ] 3.1 The system shall utilize the NVD Database for VEX Data
- [ ] 3.2 The system shall utilize the OSV Database for VEX Data
- [ ] 3.3 The system shall be able to support adding additional Vulnerability Databases
- [ ] 3.4 For a given SBOM component, the system shall add known VEX-like vulnerability data to the SBOM.
- [ ] 3.5 The system shall allow users to upload SBOMs and apply VEX information regardless of origin format
- [ ] 4.1 The system shall allow the user to select which metrics are run
- [ ] 4.2 The system shall be able to support adding additional Metrics
- [ ] 4.3 The system shall use metric information to improve the quality of the SBOM
- [ ] 4.4 The system shall allow users to download raw JSON reports of Metric findings
- [ ] 5.1 The system shall allow users to compare SBOMs against a given target SBOM
- [ ] 5.2 The system shall allow users to clearly identify differences between SBOMs visually
- [ ] 5.3 The system shall allow users to download raw JSON reports of Comparison findings
Overdue by 2 year(s) • Due by July 14, 2023 • 2/2 issues closed

# SVIP Demo 1

> Internal Demo showing initial features

Launch Application, Upload SBOMs, view them via doc viewer

## Demo MVP

- [ ] Launch Application using Docker
- [ ] Upload SPDX 2.3 SBOMs
- [ ] Upload CycloneDX 1.4 SBOMs
- [ ] Store SBOMs in a Database
- [ ] Present all SBOMs in a row manner
- [ ] View raw SBOM contents with the docviewer

## Completed System Requirements

- [ ] 2.2: The system shall allow users to upload any SBOM, regardless of origin format
- [ ] 7.4: The system shall store SBOM files in a database

Overdue by 2 year(s) • Due by June 30, 2023 • 10/10 issues closed