CycloneDX / specification

OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, and VEX
https://cyclonedx.org/
Apache License 2.0

Support for dependency graph to better represent Software Heritage and OmniBOR ADG #440

Open prabhu opened 2 months ago

prabhu commented 2 months ago

Currently, dependencies is an array supporting two kinds of relationships: dependsOn (for dependency trees) and provides (for implementations). Both Software Heritage and OmniBOR support advanced graphs that require representing the nodes and edges of a graph in a raw form to support advanced queries such as identifying "neighbours" or tracking custom relationships between two blobs.

Access to such a precise graph is necessary to unlock the next level of supply-chain analysis, operating at a granular blob level rather than at a component purl level.
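As an added illustration (not code from the issue or from the CycloneDX project), the following Python reads the two relationship kinds the dependencies array supports today, dependsOn and provides, into a typed edge set and answers the kind of "neighbours" query the comment refers to; the BOM fragment and its bom-refs are constructed for the example.

```python
import json
from collections import defaultdict

# Constructed CycloneDX-style BOM fragment (not taken from the issue). Only the
# "dependencies" array is shown, since that is the structure under discussion.
SAMPLE_BOM = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.6",
    "dependencies": [
        {"ref": "app", "dependsOn": ["lib-a", "lib-b"]},
        {"ref": "lib-a", "dependsOn": ["lib-b"], "provides": ["api-spec"]},
        {"ref": "lib-b"},
        {"ref": "api-spec"},
    ],
})

# The only edge types the current dependencies array can express.
EDGE_KINDS = ("dependsOn", "provides")

def build_graph(bom_json: str) -> dict:
    """Return {(src_ref, kind): set(dst_ref)} typed edges from the dependencies array."""
    bom = json.loads(bom_json)
    edges = defaultdict(set)
    for entry in bom.get("dependencies", []):
        for kind in EDGE_KINDS:
            for dst in entry.get(kind, []):
                edges[(entry["ref"], kind)].add(dst)
    return dict(edges)

def neighbours(edges: dict, ref: str) -> dict:
    """Outgoing and incoming neighbours of ref, grouped by relationship kind."""
    out = {k: sorted(d) for (s, k), d in edges.items() if s == ref}
    inc = defaultdict(set)
    for (s, k), dsts in edges.items():
        if ref in dsts:
            inc[k].add(s)
    return {"out": out, "in": {k: sorted(v) for k, v in inc.items()}}

def transitive_deps(edges: dict, ref: str) -> set:
    """All refs reachable from ref over dependsOn edges only (provides is ignored)."""
    seen, stack = set(), [ref]
    while stack:
        cur = stack.pop()
        for dst in edges.get((cur, "dependsOn"), ()):
            if dst not in seen:
                seen.add(dst)
                stack.append(dst)
    return seen
```

Because the edge kind is fixed to the two keys in EDGE_KINDS, any relationship outside dependsOn and provides has no place in this structure, which is the gap the issue describes.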