Update gemnasium SBOM files to adhere to GitLab CycloneDX Property Taxonomy
Proposal
As explained in this comment, gemnasium currently produces SBOM files with metadata.properties that don't adhere to the GitLab CycloneDX Property Taxonomy:
    "metadata": {
      "properties": [
        {
          "name": "gitlab:input_file",
          "value": "yarn.lock"
        },
        {
          "name": "gitlab:package_manager",
          "value": "yarn"
        }
      ]
    }
For example, we should replace gitlab:input_file with gitlab:dependency_scanning:input_file from the above metadata.properties block.
The purpose of this issue is to update the metadata.properties of the SBOM files produced by gemnasium to align with the GitLab CycloneDX Property Taxonomy.
Edited by Adam Cohen
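A check for the mismatch described in this issue, as an added example that is not part of the issue or of gemnasium's code: it lists metadata.properties names that sit in the gitlab: namespace but outside gitlab:dependency_scanning:. The prefix rule is an assumption generalized from the issue's single input_file example, and the function name, constant names and sample document are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Assumption: the required prefix is inferred from the issue's one example
// (gitlab:input_file -> gitlab:dependency_scanning:input_file).
const requiredPrefix = "gitlab:dependency_scanning:"

type property struct {
	Name  string `json:"name"`
	Value string `json:"value"`
}

type sbom struct {
	Metadata struct {
		Properties []property `json:"properties"`
	} `json:"metadata"`
}

// NonConforming returns the metadata.properties names that use the gitlab:
// namespace without the dependency_scanning segment. Properties from other
// namespaces are ignored; a document without metadata yields no findings.
func NonConforming(doc []byte) ([]string, error) {
	var s sbom
	if err := json.Unmarshal(doc, &s); err != nil {
		return nil, fmt.Errorf("parse SBOM: %w", err)
	}
	var bad []string
	for _, p := range s.Metadata.Properties {
		if strings.HasPrefix(p.Name, "gitlab:") && !strings.HasPrefix(p.Name, requiredPrefix) {
			bad = append(bad, p.Name)
		}
	}
	return bad, nil
}

// Constructed sample: the issue's block wrapped in a minimal document, plus
// one property already in the proposed form.
const sample = `{"bomFormat":"CycloneDX","metadata":{"properties":[
 {"name":"gitlab:input_file","value":"yarn.lock"},
 {"name":"gitlab:package_manager","value":"yarn"},
 {"name":"gitlab:dependency_scanning:input_file","value":"yarn.lock"}]}}`

func main() {
	bad, err := NonConforming([]byte(sample))
	fmt.Println(bad, err)
}
```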