The example_bom.xml file includes the cyclonedx-cocoapods tool and version number which makes sense. But it also includes the two direct dependencies of cyclonedx-cocoapods as tools starting at line 12. I think dependencies shouldn't be listed in the tools section like that. Should they be removed?

The code adding them is in bom_builder.rb at line 152.