The example_bom.xml file includes the cyclonedx-cocoapods tool and version number which makes sense. But it also includes the two direct dependencies of cyclonedx-cocoapods as tools starting at line 12. I think dependencies shouldn't be listed in the tools section like that. Should they be removed?
The example_bom.xml file includes the
cyclonedx-cocoapodstool and version number which makes sense. But it also includes the two direct dependencies ofcyclonedx-cocoapodsas tools starting at line 12. I think dependencies shouldn't be listed in the tools section like that. Should they be removed?The code adding them is in
bom_builder.rbat line 152.