As part of the investigation we have to do with open source package, providing a link to the original source of the package is a requirement.
As this package does not have these tags as per the Nuget releases, we are unable to do this. It is becoming a requirement for SBOMs in relation to the Whitehouse edict.
For example, we are processing version 1.6.0 and the only place on the code that this is mentioned is
|
#### 1.6.0 - July 13 2015 |
I cannot use this as there are later versions in this file. Normally I might be able to find the relevant commit by searching on "1.6.0" but even in this case, this is the only thing I can find.
Thanks
As part of the investigation we have to do with open source package, providing a link to the original source of the package is a requirement.
As this package does not have these tags as per the Nuget releases, we are unable to do this. It is becoming a requirement for SBOMs in relation to the Whitehouse edict.
For example, we are processing version 1.6.0 and the only place on the code that this is mentioned is
OpenNLP.NET/RELEASE_NOTES.md
Line 31 in 5a3eed6
I cannot use this as there are later versions in this file. Normally I might be able to find the relevant commit by searching on "1.6.0" but even in this case, this is the only thing I can find.
Thanks