Brandon Lum

ah yes - that was a heuristic to handle the syft tool doing this for containers. Let's take a look at this. Thanks for flagging, a lot of the SBOMs...

Hmm @nadgowdas , we recently added the `MetadataFor` relationship, do you think that will be able to capture at least on an abstract level the data fields you are thinking...

hi @tonghuaroot , would you help fix the DCO, and LGTM - more info at https://github.com/guacsec/guac/pull/182/checks?check_run_id=9062452895

Yup it should be possible to do that! Currently we are doing this with neo4j due to familiarity and availability of the GCP marketplace to run the service. If folks...

FYI: @nadgowdas

I think for us to create the edges, we would need the top level component. I think in this case, a missing [top level "component"](https://github.com/CycloneDX/specification/blob/1.4/schema/bom-1.4.schema.json#L136-L140) would probably mean that we...

For those 2 files, those are just wrappers around calling the spire implementation, we've refactored most of the code are in the rest of the files in the package so...

@wlynch @pritidesai changes made PTAL!

Yup! That is right, function deployment and calling works perfectly!

I like this idea, I do think that this doesn't necessarily introduce much overhead with having a separate release for `cmd` since we explicitly want the `cli` utility for testing...