Capture the dependency graph in CycloneDX BOMs #3906

sschuberth · 2021-04-19T08:07:16Z

Since the CycloneDX 1.2 spec, the dependency graph moved from an extension to a core feature. So after #3897 is merged, we could make use of it as the hierarchy of dependencies is valuable additional information.

sschuberth added enhancement Issues that are considered to be enhancements reporter About the reporter tool labels Apr 19, 2021

sschuberth added the hacktoberfest An issue suitable for the Hacktoberfest label Oct 2, 2021

sschuberth mentioned this issue Mar 21, 2022

CycloneDX SBOM dependency graph: no dependencies section is created for maven multimodule/npm project #5169

Closed

twright-0x1 mentioned this issue Jan 25, 2023

Dependency Graph Information Missing in CycloneDX SBOMs #6396

Closed

sschuberth added the help wanted An issue where third-party help is wanted on label Feb 23, 2023

sschuberth added the good first issue An easy issue for new contributors label Aug 24, 2023

sschuberth mentioned this issue Sep 4, 2023

[New Tool] Add the OSS Review Toolkit (ORT) interlynk-io/sbombenchmark.dev#11

Closed

5 tasks

sschuberth mentioned this issue Sep 21, 2023

SPDX reporter: Stop creating dangling relationships to excluded packages #7488

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Capture the dependency graph in CycloneDX BOMs #3906

Capture the dependency graph in CycloneDX BOMs #3906

sschuberth commented Apr 19, 2021 •

edited

Loading

Capture the dependency graph in CycloneDX BOMs #3906

Capture the dependency graph in CycloneDX BOMs #3906

Comments

sschuberth commented Apr 19, 2021 • edited Loading

sschuberth commented Apr 19, 2021 •

edited

Loading