The matcher correctly identifies PEM-encoded cryptographic material, including:
- -----BEGIN RSA PRIVATE KEY-----
- -----BEGIN EC PRIVATE KEY-----
- -----BEGIN OPENSSH PRIVATE KEY-----
- -----BEGIN CERTIFICATE REQUEST-----
However, the CBOM JSON output produced does not conform to the official CycloneDX specification (https://cyclonedx.org). Two specific gaps have been identified:
- Incomplete key material representation – The full cryptographic asset details are not preserved in the output.
- Schema mapping deficiencies – The generated JSON fails validation when checked against the CycloneDX CLI, due to incomplete field mappings.
The matcher correctly identifies PEM-encoded cryptographic material, including:
However, the CBOM JSON output produced does not conform to the official CycloneDX specification (https://cyclonedx.org). Two specific gaps have been identified: