cyclonedx-dotnet-library icon indicating copy to clipboard operation
cyclonedx-dotnet-library copied to clipboard

Published 20 hours ago verified publisher icon CycloneDX

Flat merging can result in duplicate BOM refs

Open coderpatros opened this issue 4 years ago • 1 comments

Not sure how to handle this. For hierarchical merging the top level component information can be used to "namespace" BOM refs.

Maybe requires supporting passing in namespace values for each BOM or optionally generating a random namespace.

I personally don't like the latter as it will drastically change BOM refs between runs. But maybe that's not really an issue given they are just used to identify elements within a single instance of a BOM.

coderpatros avatar Jul 20 '21 12:07 coderpatros

This should be fixed with #199

fnxpt avatar Feb 16 '23 10:02 fnxpt