Brandon Lum

Results 344 comments of Brandon Lum

Awesome! Sounds good :D. @swinslow would you be able to recommend some python libraries to look at?

Let me ask around and do some searching too! I'll get back to you!

quick question - did you manage to take a look at https://github.com/spdx/tools-python/, what are some interfaces/structures that you think are needed to make it more useful to consume the library?...

Ah yea - if I'm not wrong, I think that effort was renamed to "Defects Profile", and it was for use case of reporting vulnerabilities as part of the SPDX...

Thanks for checking back! I believe that there's an on-going OpenSSF funding request for the python library: https://github.com/ossf/sbom-everywhere/issues/6 Is this something that you are participating / interested in?

@woodruffw sorry I missed this, I think this is the issue for the python lib funding https://github.com/ossf/sbom-everywhere/issues/6 that @joshbressers has been shepherding

It would be helpful to have the project have a timeline of events (see https://github.com/cncf/tag-security/issues/975), we've found success in projects that do this!

in that case it should return an error without panicking and that should be good I think?

@kurt-r2c wanted to check back here, want to see what other use cases we need to handle here that stemmed from discussion of this issue.

Hey @javixeneize, for now we are taking in collector projects (since they run as a binary), but if your tool can produce an output which is the GUAC gql...