sbomasm icon indicating copy to clipboard operation
sbomasm copied to clipboard
verified publisher icon interlynk-io

Prefer purl as bom-ref

Open matglas opened this issue 11 months ago • 2 comments

It would be great to be able to use the purl as the bom-ref if it exists. Its unique in a bom in general and I see this pattern in more tools. And if there already is a bom-ref and it can be kept unique in the document don't alter it. For example in assemble command every bom-ref is rewritten.

matglas avatar Jan 07 '25 08:01 matglas

Looks interesting Point :+1: .

Btw, I agree with you on this:

assemble command every bom-ref is rewritten

viveksahu26 avatar Jan 07 '25 09:01 viveksahu26

I think we can use PURL as bom-ref for CycloneDX atleast, as almost every CycloneDX format SBOM have this format.

viveksahu26 avatar Aug 27 '25 14:08 viveksahu26