Maximilian Combüchen

Hey @goneall thanks for pointing this out. It sounds like a straightforward fix, but really the data source (ecosyste.ms) should sanitize license identifiers. But I can see how that's not...

@VictorHuu I think this should be brought up with the specification committee first: https://github.com/CycloneDX/specification/issues `"unknown"` is not part of [the official enum of component types for CycloneDX](https://cyclonedx.org/docs/1.6/json/#components_items_type). Mind you, this...

Hey @vpetersson there is an old (stale) discussion on this topic here: https://github.com/snyk/parlay/issues/11 There was some pushback on the idea of inserting parlay as a tool into the SBOM as...

> Perhaps this is a feature that should be enabled by default, but could be disabled with an argument? I was having the same thought, a possibility to opt out...

Hey @pooja0805 thanks for flagging your issue. I assume that this is about `parlay ecosystems enrich`? It would be great if you could share your input and how you invoke...

Thanks @pooja0805 this is helpful. I could not reproduce the behaviour you described; given the Cassandra SBOM you provided, I get different results: `pkg:maven/org.javassist/[email protected]` -> `(MPL 1.1 OR LGPL 2.1...

hey @victorc-cylus did you mean to open this issue in https://github.com/CycloneDX/cyclonedx-gomod ?

Hey @omercnet thanks for the contribution and please excuse the long radio silence. Taking a look now.

Hey @BuriKizilkaya thanks for opening the issue. Could you please state exactly what commands you ran, what the outcome was and which behaviour you would expect instead? Thank you!

@goneall @BuriKizilkaya Gary, Burak, apologies for the radio silence. My skewed-up notification settings failed to inform me about your messages on this thread. Gary I took a look at your...