Linking Build Versions, Scans and SBOMs

version tagging allows community edition users to link soos scans to released versions of their open source packages this ensures that when users download an sbom (in cyclonedx or vex format), any vulnerability attestations are properly reflected for the version being downloaded specifying a version use the buildnumber parameter or equivalent to pass the build number to soos for each scan alternatively, versions can be manually added or adjusted using the version chip under the projects docid\ dxqzagmx rouuqu8lbent or project history docid\ jtmozsdsjc53kvxkol9g4 specifying a version for github scans for github app integrations soos supports reading a version file named soos version txt from your repo this fine contains the desired version and no other text this file can be updated automatically from the build process prior to running a soos scan and will be preferred over any version value provided in a manifest if you already have a version text file that you wish to use, you can specify the file name in your github configurations docid\ aqvzlze4rzjuiutshiuqu