sbom4python
pyproject.toml does not include transitive dependencies
I used
sbom4python -r pyproject.toml -o sbom-spdx.json --sbom cyclonedx
and found it to not include the transitive dependencies.
Running instead:
pip-compile -o requirements.txt ./pyproject.toml
and then
sbom4python -r requirements.txt -o sbom-spdx.json --sbom cyclonedx
includes the transitive dependencies as well.
@maurerle Only the dependencies included in the file will be included. These are typically only the direct dependencies.
Using pip-compile will generate a more complete list of dependencies.
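
A completeness check for the situation discussed in this thread, as an added example that is not part of the original issue or of sbom4python: it lists the pins in a pip-compile requirements.txt that have no matching component in a CycloneDX JSON SBOM. The function names and both sample inputs are constructed for illustration.

```python
import json
import re

# Matches "name==version" pins, tolerating extras, markers and line continuations.
PIN = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?\s*==\s*([^\s;\\]+)")

def normalize(name):
    """PEP 503 normalization, so 'Charset_Normalizer' equals 'charset-normalizer'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def pinned_requirements(text):
    """Return {normalized name: version} for the '==' pins in pip-compile output."""
    pins = {}
    for line in text.splitlines():
        m = PIN.match(line.strip())
        if m:  # comments, '# via' lines, options and --hash lines do not match
            pins[normalize(m.group(1))] = m.group(2)
    return pins

def missing_from_sbom(sbom, requirements_text):
    """List pinned packages that have no component in the CycloneDX document."""
    present = {normalize(c["name"]) for c in sbom.get("components", [])}
    pins = pinned_requirements(requirements_text)
    return sorted(f"{n}=={v}" for n, v in pins.items() if n not in present)

# Constructed sample: a minimal CycloneDX document holding one direct dependency.
SAMPLE_SBOM = json.loads("""
{"bomFormat": "CycloneDX", "specVersion": "1.5",
 "components": [{"type": "library", "name": "requests", "version": "2.31.0"}]}
""")

# Constructed sample: pip-compile style output for the same project.
SAMPLE_REQUIREMENTS = """\
certifi==2024.2.2
    # via requests
charset-normalizer==3.3.2
    # via requests
idna==3.6
    # via requests
requests==2.31.0
    # via example-project (pyproject.toml)
urllib3==2.2.1
    # via requests
"""

if __name__ == "__main__":
    for item in missing_from_sbom(SAMPLE_SBOM, SAMPLE_REQUIREMENTS):
        print("not in SBOM:", item)
```

An empty result means every pinned package, transitive ones included, appears in the SBOM; the check compares names only, not versions.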