CycloneDX / sbom-utility

Utility that provides an API platform for validating, querying and managing BOM data
Apache License 2.0

Support `--normalize` flag (sort+) for CycloneDX BOM on `trim` command output #81

Status: Closed (mrutkows closed 2 months ago)

mrutkows commented 3 months ago

This would be a first step to fully normalize all BOM structures (e.g., Components, Services, Vulns., ExternalRefs, Properties, etc.), which should help Diff and potential future Merge commands.

mrutkows commented 2 months ago

Please note that using BOMRef as an identifier for normalization is NOT correct as different iterations of BOMs generated by tools create random UIDs for many components.
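
An added Go example (not sbom-utility's code) of the point in the comment above: two runs of the same component list sort into different orders when keyed on a random `bom-ref`, and into the same order when keyed on content fields. The choice of name, version and purl as the key, the identifiers `ContentKey` and `ContentOrder`, and the sample data are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// Component holds the CycloneDX component fields this example reads.
type Component struct {
	BOMRef  string `json:"bom-ref"`
	Name    string `json:"name"`
	Version string `json:"version"`
	Purl    string `json:"purl"`
}

// ContentKey (assumed key choice) is built from content fields only; bom-ref is left out.
func ContentKey(c Component) string {
	return strings.Join([]string{c.Name, c.Version, c.Purl}, "\x00")
}

// ContentOrder parses a JSON component array, sorts it by key, and returns
// the content keys in the resulting order so two runs can be compared.
func ContentOrder(raw string, key func(Component) string) ([]string, error) {
	var cs []Component
	if err := json.Unmarshal([]byte(raw), &cs); err != nil {
		return nil, err
	}
	sort.SliceStable(cs, func(i, j int) bool { return key(cs[i]) < key(cs[j]) })
	out := make([]string, len(cs))
	for i, c := range cs {
		out[i] = ContentKey(c)
	}
	return out, nil
}

// Constructed sample: the same two components from two tool runs, each run with its own random bom-refs.
const RunA = `[{"bom-ref":"9f1c","name":"zlib","version":"1.3.1","purl":"pkg:generic/zlib@1.3.1"},{"bom-ref":"a07e","name":"openssl","version":"3.0.13","purl":"pkg:generic/openssl@3.0.13"}]`
const RunB = `[{"bom-ref":"c3d2","name":"zlib","version":"1.3.1","purl":"pkg:generic/zlib@1.3.1"},{"bom-ref":"1b44","name":"openssl","version":"3.0.13","purl":"pkg:generic/openssl@3.0.13"}]`

func main() {
	byRef := func(c Component) string { return c.BOMRef }
	for _, key := range []func(Component) string{byRef, ContentKey} {
		a, _ := ContentOrder(RunA, key)
		b, _ := ContentOrder(RunB, key)
		fmt.Println(strings.Join(a, "|") == strings.Join(b, "|")) // false for byRef, true for ContentKey
	}
}
```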