Ritesh Noronha

@flemminglau we added a new option to assemble command to restrict the output sbom version, details are here the last example https://github.com/interlynk-io/sbomasm?tab=readme-ov-file#assemle-sboms . This should unblock you. We have also...

@flemminglau not sure i understand, sbomasm can accept input as CycloneDX 1.4, 1.5 and 1.6 and output 1.4, 1.5 and 1.6. Yes it default outputs to 1.6. So we have...

@flemminglau My interpretation of what you need is - You have an application sbom. - You have gathered/generated sboms for its components(modules). - Now you would like to create an...

@flemminglau this seems like an interesting use-case i would like to solve for you. I was wondering, if you could provide me samples of your input and expected output, that...

In SPDX 2.3, new features include optional fields for Primary Package Purpose, support for additional hashing algorithms (SHA3-256, SHA3-384, SHA3-512, BLAKE2b-256, BLAKE2b-384, BLAKE2b-512, BLAKE3, ADLER32), new relationship types (REQUIREMENT_DESCRIPTION_FOR and...

i believe "-o" is a command for the validate command, not generate. "-b" is a directory where you can have the sbom written to. This is the command i use...

thanks @aravindparappil46

Yes we need to implement this. Currently it's a manual process.