Jan Kowalleck
Jan Kowalleck
current implementation has an architectural lock in: `LicenseExpression`'s optional arguments are positional arguments. it would be better to have them as named arguments, so we could rearrange these arguments at...
fixes https://github.com/CycloneDX/cyclonedx-python-lib/issues/537
list responsibilities and capabilities in README. similar to - -
:mega: THIS IS A CALL FOR DOCS Feel free to add pull requests with examples here: - https://github.com/CycloneDX/cyclonedx-python-lib/tree/main/examples - https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/docs/examples.rst ---- There are currently no (complex) examples how to use...
now taht we have validators, it should be possible to write an importer, like the `outputter`s ... it should take an arbitrary string, detect the schema from it, and validate...
now that a package `validation` was established via https://github.com/CycloneDX/cyclonedx-python-lib/issues/432, t should be possible to move the data model validation there, too.\ data model validation is getting more and more complex...
## background CycloneDX supports "tags" - These "tags" are the equivalent of composer's "keywords" - ## request poppulate `components[].tags` based on composer manifest's `keywords`.
## Is your feature request related to a problem? Please describe. Per CycloneDX specification, the components' scope means (see [docs](https://cyclonedx.org/docs/1.6/json/#components_items_scope)) - "required": The component is required for runtime - "optional":...
Extraneous dependencies and platform requirements should be marked as such. Relevant CycloneDX specification: https://github.com/CycloneDX/specification/issues/321 How this is specified in composer: > The following types of platform packages exist and can...
how is the dependency graph with "virtual packages" or dependency to capabilities? see https://getcomposer.org/doc/04-schema.md#provide these relations should result in a relation in the dependency graph. example: package `A` depends on...