Scott Kempf
Scott Kempf
What if we replace "(path+file...)" on local dependencies with either a hash, a counting suffix or drop it all together based on a command line option? The name and version...
> When the repository is tracked in (private) source control, it it possible to set bom-ref to the VCS URL? I would also be interested in the response here. Also...
First of all, thank you for your response. Ok, so currently our implementation isn't perfect, only the three fields required by NTIA and not required by CycloneDX are overwritten. There...
We are proceeding as proposed by @Schnatsel
Ok, will do. But I need some time because I'm working on something else right now. Thanks!