Dave Tryon

#1082 surfaced a case where we _might_ have a problem with case-differing file names. We should investigate this on a linux system to be sure. Scenario is as follows: 1....

Feature request: Allow caching when running SBOM multiple times on the same commit

1

We've seen cases where a single pipeline run produces multiple artifacts, meaning that the `BuildDropPath` parameter varies, but the `BuildComponentPath` is the same--same commit, same build iteration, etc. It could...

The code in [FileHasher.HashAlgorithmNames](https://github.com/microsoft/sbom-tool/blob/main/src/Microsoft.Sbom.Api/Executors/FileHasher.cs#L39-L66) seems to be incorrect when aggregating. The current code mimics that we do when validating, which uses `IConfiguration.HashAlgorithm.Value`. That's great when validating incoming SBOMs, but is...

External SPDX files appear in the files section

3

This is a known bug but I was unable to find an issue on it. When building an SPDX file, external doc refs gets reported twice--once (correctly) in as an...