The "Dependencies" section of README.md contains a small typo. Line 246 specifies
A crypto asset A is considered as 'used' by component C if there is auseddependency path from C to A.
This is incorrect, I believe. There is no "used" dependency type defined in the CBOM. The defined relationship is "uses" (see README.md line 244).
A patch to fix this is:
diff --git a/README.md b/README.md
index ec1463b..314d163 100644
--- a/README.md
+++ b/README.md
@@ -243,7 +243,7 @@ The two dependency types are:
- `implements`: refers to crypto assets implemented, or statically available in a component. Examples are the algorithms provided by crypto libraries. A crypto asset 'implemented' by a component does not imply that it is in use.
- `uses`: refers to crypto assets in use, or being referenced by other components. The referencing can be done by explicit function calls or by configuration at run time. Usage may change over time, so CBOMs always represent a snapshot at a given point in time.
-A component can have a dependencies of both types `implements` and `uses`. A crypto asset A is considered as 'used' by component C if there is a `used` dependency path from C to A.
+A component can have a dependencies of both types `implements` and `uses`. A crypto asset A is considered as 'used' by component C if there is a `uses` dependency path from C to A.
## Examples
The "Dependencies" section of README.md contains a small typo. Line 246 specifies
A crypto asset A is considered as 'used' by component C if there is a
useddependency path from C to A.
This is incorrect, I believe. There is no "used" dependency type defined in the CBOM. The defined relationship is "uses" (see README.md line 244).
A patch to fix this is: