Paul Horton
Good spot @ajbrown - I just came across this working on [`cyclonedx-python-lib`](https://github.com/CycloneDX/cyclonedx-python-lib). @stevespringett / @coderpatros - can we consider aligning the schemas more here, unless there is a good reason...
Hi @Radial01 - thanks for engaging with us. There is no official place in the CycloneDX standard (v1.4) that allows for a data-classification type statement or flag. This is something...
Hi @jenshnielsen - thanks for the PR - can you please look to address the failing checks?
Hi @RodneyRichardson, just cross posting my comment from #361 - totally support points 2 and 3 you raise - best to review my comments on #361 relating to point...
Hi @redaabdellah21 - thanks for getting involved and reporting this behaviour. We have an open issue that is also similar to the lack of dependency tree generated by SBOMs in...
Hi @Anthony-Mckale - many thanks for the idea. I did not know about this endpoint on PyPI! Couple of questions in case you know the answers before I go searching:...
@Anthony-Mckale - I've got the answer for 2 above (https://github.com/pypa/advisory-db). Note that another source of vulnerabilities might be [OSS Index](https://ossindex.sonatype.org/)?
Thanks @Anthony-Mckale. I still think this is a valid feature for `cyclonedx-python` - but we might consider supporting multiple sources for Vulnerability information. We're due to release some major changes...
Parser implementation live in [`cyclonedx-python`](https://github.com/CycloneDX/cyclonedx-python) now - will relocate this Issue to that project.
This is an interesting idea - thanks for raising @SaberStrat. Being able to accurately populate `meta.component` would be great, and my view is that parsing data from the example files...