Closed malice00 closed 8 months ago
This is a great idea to increase the amount of information in the SBOM.
Implementation notes:
1. pod.rb: add a property for a UUID (that will be the bomRef) of the pod.
2. bomRef and maps to the list of direct dependencies of that bomRef.
3. podfile_analyzer.rb: when adding a unique pod as a component, assign it a UUID for the bomRef (from 1 above).
4. podfile_analyzer.rb: any time a pod dependency is found (unique or not), add it to the UUID hash in the proper place of dependencies (from 2 above).
5. bomRef (from 1 above) and the complete dependency map (from 2 above).

PR should have everything
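The bookkeeping the notes above describe (a UUID bom-ref per unique pod, plus a bom-ref to direct-dependency map that becomes the CycloneDX `dependencies` section), as an added standalone Ruby illustration. This is not cyclonedx-cocoapods code; the `Pod` struct, `build_bom` and the pod names in the sample are constructed for the example.

```ruby
require 'securerandom'
require 'json'

# Constructed pod record: name, version and the UUID that becomes its bom-ref
# (the property the notes propose adding to pod.rb). Not the project's class.
Pod = Struct.new(:name, :version, :bom_ref)

# Build a CycloneDX-shaped hash from Podfile-style specs: each entry is
# [name, version, [direct dependency names]]. Mirrors the two structures in
# the notes: unique pods get a UUID bom-ref when first seen, and a
# bom-ref -> [bom-ref, ...] map records every direct dependency edge.
def build_bom(pod_specs)
  pods = {}                              # name -> Pod, one per unique pod
  deps = Hash.new { |h, k| h[k] = [] }   # bom-ref -> direct dependency bom-refs

  # Returns the single Pod record for a name, creating its UUID on first sight.
  pod_for = lambda do |name, version|
    pod = (pods[name] ||= Pod.new(name, nil, SecureRandom.uuid))
    pod.version ||= version              # filled in once the pod's own spec is seen
    pod
  end

  pod_specs.each do |name, version, dependency_names|
    parent = pod_for.call(name, version)
    dependency_names.each do |dep_name|
      child = pod_for.call(dep_name, nil)
      # Unique or not, the edge is recorded; repeated edges collapse to one.
      deps[parent.bom_ref] |= [child.bom_ref]
    end
  end

  {
    'bomFormat' => 'CycloneDX',
    'specVersion' => '1.4',
    'components' => pods.values.map { |pod|
      { 'type' => 'library', 'bom-ref' => pod.bom_ref,
        'name' => pod.name, 'version' => pod.version }
    },
    # Every component gets a dependencies entry, leaves with an empty dependsOn,
    # so a consumer such as Dependency-Track can draw the complete tree.
    'dependencies' => pods.values.map { |pod|
      { 'ref' => pod.bom_ref, 'dependsOn' => deps[pod.bom_ref] }
    }
  }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample; the repeated Moya line must not yield a second component.
  specs = [['RxMoya', '15.0.0', %w[Moya RxSwift]], ['Moya', '15.0.0', %w[Alamofire]],
           ['Alamofire', '5.6.4', []], ['RxSwift', '6.5.0', []], ['Moya', '15.0.0', %w[Alamofire]]]
  puts JSON.pretty_generate(build_bom(specs))
end
```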
When importing the generated SBOM in dependency-track, there is no dependency tree available. This seems to be because there is no dependency information available in the SBOM. Could this be added to the SBOM?