
Dependency graph in SBOM

Open DarthHater opened this issue 3 years ago • 1 comments

Hi, hello

This adds a dependency graph to the SBOM we send to Nexus IQ Server, and adds metadata, and also a couple of other tiny CycloneDX 1.3 things.

This pull request makes the following changes:

  • Adds dependency-graph library
  • Adds nodes each time we find a component to add
  • Adds a relationship between that component and its parent
  • Modifies the SBOM creation process to output this in the proper XML way

cc @bhamail / @DarthHater / @allenhsieh / @ken-duck

DarthHater, Jul 01 '21 21:07
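A sketch of the flow the pull request describes (record a node per component, record an edge to its parent, then serialize to the CycloneDX `<dependencies>` element), added here as an example and not taken from auditjs. A plain `Map` stands in for the dependency-graph library; the `SbomGraph` class, the package names and the use of the purl as `bom-ref` are assumptions.

```javascript
// Added example, not auditjs code. Components and purls below are constructed.
const xmlEscape = (s) =>
  s.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;');

class SbomGraph {
  constructor() {
    this.edges = new Map(); // bom-ref -> Set of direct dependency bom-refs
  }
  // Ensure a node exists for this bom-ref and return its edge set.
  node(ref) {
    if (!this.edges.has(ref)) this.edges.set(ref, new Set());
    return this.edges.get(ref);
  }
  // Called each time a component is found; parent is omitted for the root.
  // Assumption: component.purl doubles as the component's bom-ref.
  addComponent(component, parent) {
    this.node(component.purl);
    if (parent) this.node(parent.purl).add(component.purl);
    return component.purl;
  }
  // Every component gets one top-level entry; only direct dependencies nest.
  toXml() {
    const out = ['<dependencies>'];
    for (const [ref, deps] of this.edges) {
      if (deps.size === 0) {
        out.push(`  <dependency ref="${xmlEscape(ref)}"/>`);
        continue;
      }
      out.push(`  <dependency ref="${xmlEscape(ref)}">`);
      for (const dep of deps) out.push(`    <dependency ref="${xmlEscape(dep)}"/>`);
      out.push('  </dependency>');
    }
    out.push('</dependencies>');
    return out.join('\n');
  }
}

function demo() {
  const app = { purl: 'pkg:npm/my-app@1.0.0' };
  const express = { purl: 'pkg:npm/express@4.17.1' };
  const debug = { purl: 'pkg:npm/debug@2.6.9' };
  const graph = new SbomGraph();
  graph.addComponent(app);
  graph.addComponent(express, app);
  graph.addComponent(debug, express); // transitive from the app's point of view
  graph.addComponent(debug, app);     // same component found again: one node, two edges
  return graph.toXml();
}

console.log(demo());
```

With the graph in the SBOM, a reviewer can tell whether a flagged component is a direct dependency or was pulled in transitively, and through which parent.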

@DarthHater do you have any example CycloneDX SBOM output with the dependency graph based on this PR?

kakumara, Nov 24 '21 06:11