Many BOMs are created by security scanning tools that often add lots of proprietary data that is not meaningful to downstream users and their specific BOM use cases. By "trimming" out this proprietary data, we have seen BOM files shrink by sometimes 10x or more, which is helpful in workflows that rely upon BOMs for evaluation and that often transmit them across networks for storage and into hosted applications (e.g., DependencyTrack).
In addition, and perhaps informed by tags from the SCVS standard, it is possible to use trim to remove sets of data that are not relevant to a specific use case. For example, if we want to create a BOM with only some subset of information, such as just components and their licenses/copyrights, or create a BOM with only Machine Learning (ML) data for a specific downstream use case, the "Trim" functionality can accomplish this (and the original BOM can still be preserved).
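The two uses described above, sketched as an added example (not the tool's own code): removing a key everywhere in a BOM, and projecting a BOM down to a license/copyright view without touching the original. It assumes CycloneDX JSON field names; the sample BOM and the function names are constructed for illustration.

```python
import json

# Constructed sample: a minimal CycloneDX-style BOM padded with scanner "properties".
SAMPLE_BOM = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "metadata": {"properties": [{"name": "scanner:run-id", "value": "example-0001"}]},
    "components": [{
        "type": "library", "name": "example-lib", "version": "1.2.3",
        "copyright": "Copyright Example Authors",
        "licenses": [{"license": {"id": "Apache-2.0"}}],
        "hashes": [{"alg": "SHA-256", "content": "<constructed-placeholder>"}],
        "properties": [{"name": "scanner:path", "value": "/tmp/example"}] * 20,
    }],
}
KEEP = ("type", "name", "version", "licenses", "copyright")


def trim_keys(node, keys):
    """Return a copy of node with the named keys removed at every depth."""
    if isinstance(node, dict):
        return {k: trim_keys(v, keys) for k, v in node.items() if k not in keys}
    if isinstance(node, list):
        return [trim_keys(item, keys) for item in node]
    return node


def _component_view(component):
    view = {k: component[k] for k in KEEP if k in component}
    if "components" in component:  # CycloneDX allows nested components
        view["components"] = [_component_view(c) for c in component["components"]]
    return view


def license_view(bom):
    """Build a new BOM holding only component identity, licenses and copyright."""
    out = {k: bom[k] for k in ("bomFormat", "specVersion") if k in bom}
    out["components"] = [_component_view(c) for c in bom.get("components", [])]
    return out


def size(bom):
    """Serialized size in bytes, as the BOM would be stored or transmitted."""
    return len(json.dumps(bom, separators=(",", ":")).encode("utf-8"))


if __name__ == "__main__":
    trimmed = trim_keys(SAMPLE_BOM, {"properties"})
    print(size(SAMPLE_BOM), "->", size(trimmed), "bytes without 'properties'")
    print(json.dumps(license_view(SAMPLE_BOM), indent=2))
```

Both functions return new objects, so the untrimmed BOM stays available for consumers that still need the full data.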