This is a really cool project, thanks for writing it! I have a suggestion to improve the SPDX SBOM and fix a bug.
This PR modifies the SPDX SBOM to add relationships and add structure by relating them to a main package. It also fixes a bug where no packages were listed as being described by the document.
Before, packages were lingering loose; now they are related to one main package to model them as components and not individual items. Visualizing the SBOM structure with bom, we can see that the SBOM now looks like this:
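
Added example, not part of this PR or the project's code: a Python check for the two conditions the description mentions in an SPDX 2.x JSON document, namely no package described by the document and packages not related to any described package. The sample document, its package names and the `CONTAINS` relationship type are constructed assumptions; the PR text does not say which relationship type it uses.

```python
import json
from collections import defaultdict

# Constructed sample SPDX 2.x JSON (not taken from the PR): one main package
# described by the document, one related component, and one loose package.
SAMPLE = json.loads("""
{
  "SPDXID": "SPDXRef-DOCUMENT",
  "packages": [
    {"SPDXID": "SPDXRef-Package-main", "name": "main"},
    {"SPDXID": "SPDXRef-Package-liba", "name": "liba"},
    {"SPDXID": "SPDXRef-Package-loose", "name": "loose"}
  ],
  "relationships": [
    {"spdxElementId": "SPDXRef-DOCUMENT", "relationshipType": "DESCRIBES",
     "relatedSpdxElement": "SPDXRef-Package-main"},
    {"spdxElementId": "SPDXRef-Package-main", "relationshipType": "CONTAINS",
     "relatedSpdxElement": "SPDXRef-Package-liba"}
  ]
}
""")

def described_packages(doc):
    """IDs the document DESCRIBES, via relationships or documentDescribes."""
    doc_id = doc.get("SPDXID", "SPDXRef-DOCUMENT")
    ids = set(doc.get("documentDescribes", []))
    for rel in doc.get("relationships", []):
        if rel["spdxElementId"] == doc_id and rel["relationshipType"] == "DESCRIBES":
            ids.add(rel["relatedSpdxElement"])
    return ids

def loose_packages(doc):
    """Packages not connected, through any relationship, to a described one."""
    graph = defaultdict(set)
    for rel in doc.get("relationships", []):
        a, b = rel["spdxElementId"], rel["relatedSpdxElement"]
        graph[a].add(b)
        graph[b].add(a)  # undirected, so inverse types such as DEPENDENCY_OF count
    seen, stack = set(), list(described_packages(doc))
    while stack:
        node = stack.pop()
        if node not in seen:
            seen.add(node)
            stack.extend(graph[node] - seen)
    return sorted(p["SPDXID"] for p in doc.get("packages", []) if p["SPDXID"] not in seen)

if __name__ == "__main__":
    print("described:", sorted(described_packages(SAMPLE)))
    print("loose:", loose_packages(SAMPLE))
```

An empty result from `described_packages` corresponds to the bug described above; a non-empty result from `loose_packages` corresponds to packages that are still unattached.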