diff --git a/documentation/blog/2023-09-01-sbom-part-one-generation.md b/documentation/blog/2023-09-01-sbom-part-one-generation.md index 9266439386..b4f579a1b1 100644 --- a/documentation/blog/2023-09-01-sbom-part-one-generation.md +++ b/documentation/blog/2023-09-01-sbom-part-one-generation.md @@ -263,5 +263,6 @@ One remaining problem are packages installed directly as binary, without any kin Especially in containers this is pretty prevalent for the "main software" of a container. This is a known issue for both Trivy and Syft: [trivy#481](https://github.com/aquasecurity/trivy/issues/481), [trivy#1064](https://github.com/aquasecurity/trivy/issues/1064), [trivy#2839](https://github.com/aquasecurity/trivy/issues/2839), [syft#1197](https://github.com/anchore/syft/issues/1197), [syft#1607](https://github.com/anchore/syft/issues/1607), [syft#1963](https://github.com/anchore/syft/issues/1963). It seems that Syft's support for those kinds of binaries is slightly better, in the Juice Shop image, only Syft detects the actual node binary. - -Before selecting one of these two as a tool for the MVP, it makes sense to look at the __other side__ of an _SBOM workflow_, the __consuming side__ in a second upcoming blog post. + +Before selecting one of these two as a tool for the MVP, it makes sense to look at the __other side__ of an _SBOM workflow_, the __consuming side__. +These details are covered in [_Part 2: SBOM Consumption_](/blog/2023/09/15/sbom-part-two-consumption). diff --git a/documentation/blog/2023-09-15-sbom-part-two-consumption.md b/documentation/blog/2023-09-15-sbom-part-two-consumption.md index 3751fd1f37..8f9ecf27d6 100644 --- a/documentation/blog/2023-09-15-sbom-part-two-consumption.md +++ b/documentation/blog/2023-09-15-sbom-part-two-consumption.md @@ -19,7 +19,6 @@ tags: - Dependency-Track description: We describe our plans to build an SBOM workflow for the secureCodeBox, including an SBOM tool comparison and interoperability troubles. This part treats the aspects of consuming SBOMs. image: /img/blog/2023-09-15-river-mouth.jpg -draft: true --- ![A river mouth](/img/blog/2023-09-15-river-mouth.jpg)