sbom icon indicating copy to clipboard operation
sbom copied to clipboard
verified publisher icon voltone

Implement `component.supplier`

Open maennchen opened this issue 3 months ago • 0 comments

Definition: The organization that supplied/distributed the package to you.

Complexity: Supplier differs from publisher when using:

  • Private Hex repositories
  • Internal mirrors
  • Proxies/caches

[!IMPORTANT] Question: ❓ How to handle cases where supplier info is not available? Leave as null or infer from PURL?

maennchen avatar Dec 04 '25 13:12 maennchen