Scans Software Bill of Materials (SBOMs) for security vulnerabilities
bomber doesn't like bad Purls (or empty ones, for that matter). This version will warn you if there is a bad Purl in your SBOM (without a valid Purl, there is no way to pull vulnerability information). Bad Purls will not be scanned.
bomber now supports enrichment of vulnerability data! Our first enrichment adds EPSS scores to the vulnerability output. What's an EPSS score? It tells us the probability that a vulnerability will be exploited. For in-depth information, check out the fascinating documentation at https://www.first.org/epss/
This update contains a few bug fixes and updated documentation, and improves the output of all renderers to include the list of files (and hashes) that bomber has processed during scanning.
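The two behaviours described above, skipping components whose Purl is empty or malformed and attaching an EPSS probability to each finding, are illustrated by the following Go program. It is an added example written for this page, not code from the bomber project: the SBOM is a constructed, minimal CycloneDX-style document, the EPSS payload is a constructed response shaped like the FIRST API's JSON with placeholder CVE ids and made-up scores, and the Purl check applies only the structural rules of the purl spec (a `pkg:` scheme, a type and a name) rather than a full parser.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strconv"
	"strings"
)

// Constructed minimal CycloneDX-style SBOM (not a real project's SBOM):
// two usable purls, one empty purl and one that lacks the pkg: scheme.
const sampleSBOM = `{
  "bomFormat": "CycloneDX",
  "components": [
    {"name": "lodash", "version": "4.17.20", "purl": "pkg:npm/lodash@4.17.20"},
    {"name": "log4j-core", "version": "2.14.1", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"},
    {"name": "mystery", "version": "1.0.0", "purl": ""},
    {"name": "broken", "version": "0.1", "purl": "npm/broken@0.1"}
  ]
}`

// Constructed EPSS response in the shape the public FIRST API returns
// (numeric fields arrive as strings). CVE ids and scores are placeholders.
const sampleEPSS = `{"status":"OK","data":[
 {"cve":"CVE-0000-0001","epss":"0.97000","percentile":"0.99900"},
 {"cve":"CVE-0000-0002","epss":"0.00100","percentile":"0.20000"}]}`

type Component struct {
	Name    string `json:"name"`
	Version string `json:"version"`
	Purl    string `json:"purl"`
}

type SBOM struct {
	Components []Component `json:"components"`
}

type epssResponse struct {
	Data []struct {
		CVE        string `json:"cve"`
		EPSS       string `json:"epss"`
		Percentile string `json:"percentile"`
	} `json:"data"`
}

// ValidatePurl checks the structural minimum a purl needs before it can be
// used for a vulnerability lookup: "pkg:" scheme, a type and a non-empty name.
// It returns false plus a human-readable reason when the purl is unusable.
func ValidatePurl(purl string) (bool, string) {
	if purl == "" {
		return false, "empty purl"
	}
	if !strings.HasPrefix(purl, "pkg:") {
		return false, "missing pkg: scheme"
	}
	rest := strings.TrimLeft(strings.TrimPrefix(purl, "pkg:"), "/")
	// Qualifiers (?key=value) and subpaths (#dir) do not affect type/name.
	if i := strings.IndexAny(rest, "?#"); i >= 0 {
		rest = rest[:i]
	}
	parts := strings.Split(rest, "/")
	if len(parts) < 2 || parts[0] == "" {
		return false, "missing type or name"
	}
	name := parts[len(parts)-1]
	if at := strings.LastIndex(name, "@"); at >= 0 {
		name = name[:at] // drop the @version suffix
	}
	if name == "" {
		return false, "empty name"
	}
	return true, ""
}

// Triage splits an SBOM into purls that can be scanned and components that
// must be skipped (keyed by component name, with the reason for the warning).
func Triage(sbomJSON string) ([]string, map[string]string, error) {
	var bom SBOM
	if err := json.Unmarshal([]byte(sbomJSON), &bom); err != nil {
		return nil, nil, err
	}
	var scan []string
	skipped := map[string]string{}
	for _, c := range bom.Components {
		if ok, reason := ValidatePurl(c.Purl); ok {
			scan = append(scan, c.Purl)
		} else {
			skipped[c.Name] = reason
		}
	}
	return scan, skipped, nil
}

// EnrichEPSS parses an EPSS API body into a CVE -> exploitation-probability map,
// rejecting the whole payload if a score is not a valid number.
func EnrichEPSS(body string) (map[string]float64, error) {
	var r epssResponse
	if err := json.Unmarshal([]byte(body), &r); err != nil {
		return nil, err
	}
	scores := make(map[string]float64, len(r.Data))
	for _, d := range r.Data {
		p, err := strconv.ParseFloat(d.EPSS, 64)
		if err != nil {
			return nil, fmt.Errorf("bad epss value %q for %s: %w", d.EPSS, d.CVE, err)
		}
		scores[d.CVE] = p
	}
	return scores, nil
}

func main() {
	scan, skipped, err := Triage(sampleSBOM)
	if err != nil {
		panic(err)
	}
	for _, p := range scan {
		fmt.Println("scan:", p)
	}
	for name, why := range skipped {
		fmt.Printf("warning: skipping %s (%s)\n", name, why)
	}
	scores, err := EnrichEPSS(sampleEPSS)
	if err != nil {
		panic(err)
	}
	for cve, p := range scores {
		fmt.Printf("%s EPSS=%.3f\n", cve, p)
	}
}
```

The skipped map is what a renderer would turn into the "bad Purl" warning; the scores map is what gets joined onto each finding by CVE id so the reader can sort by exploitation probability rather than by severity alone.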