Adding support for update/patch locations #19
Milestone
Comments
|
Do you mean source of product updates (like new version of software) or patches (code changes needed) ? Since this is part of CycloneDX we just need to see how we can separate different CycloneDX boms - if needed. Or do I get it wrong? |
|
Ping @christophergates |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
TEA codifies how to fetch a BOM/VEX/VDR/Attestation, could we add a feature to also point (i.e. "URI") to the source of updates/patches? As it currently stands TEA has already done about 99% of the work to provide an update/patch location, but doesn't currently do that. Also in CDX there is "Pedigree" commits and patches, which provides very useful information about the changes in an update/patch version after it has been installed, if we could add similar structures to TEA it would allow the end user the ability to understand the changes in an update/patch before performing updating or patching of the product.
In a Health Sector Coordinating Council working group on performing updates & patches on medical devices in the field, the hospital knowing what has changed before installing the update is one of the most asked for capabilities.
The text was updated successfully, but these errors were encountered: