lib4sbom icon indicating copy to clipboard operation
lib4sbom copied to clipboard
verified publisher icon anthonyharrison

Support more relationship types

Open simoncozens opened this issue 1 year ago • 0 comments

Currently the SPDX generator assumes that the source of a relationship is always a package, and the target is either a package or a file:

https://github.com/anthonyharrison/lib4sbom/blob/5a06007fb97cbe092545bc84aebe52fa08894301/lib4sbom/generator.py#L174-L190

SPDX relationships may occur between any elements:

This field provides information about the relationship between two SPDX elements. For example, you can represent a relationship between two different Files, between a Package and a File, between two Packages, or between one SPDXDocument and another SPDXDocument.

simoncozens avatar Sep 16 '24 10:09 simoncozens