More recent versions of CycloneDX support an assembly which is a nested set of components within other components. This doesn't imply relationship data, but makes it easier to manage SBOMs where there are multiple sources or services as each major component can be added as a set of child components of its parent.
Whilst I recognise lib4sbom isn't designed to be a fully featured CycloneDX parser, I believe support should be added for at least parsing assemblies. I recognise this will likely need to flatten them and some fidelity will be lost with the current internal model; however, this would be beneficial for those of us using assemblies for validation and basic parsing tasks.
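The flattening the issue asks for, as an added example that is not part of the original issue and is not lib4sbom code: it walks the nested `components` arrays of a CycloneDX JSON document and emits a flat list, recording each component's parent so the assembly structure is not lost entirely. The sample BOM is constructed, and the `assembly_parent` and `assembly_depth` keys are hypothetical names chosen for this illustration.

```python
import json

# Constructed sample: a CycloneDX JSON document with a two-level assembly.
SAMPLE_BOM = json.loads("""
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "components": [
    {"type": "application", "name": "web-frontend", "version": "2.1.0",
     "bom-ref": "svc-web",
     "components": [
       {"type": "library", "name": "left-pad", "version": "1.3.0",
        "bom-ref": "lib-left-pad"},
       {"type": "framework", "name": "ui-kit", "version": "4.0.0",
        "bom-ref": "fw-ui-kit",
        "components": [
          {"type": "library", "name": "color-utils", "version": "0.9.1"}
        ]}
     ]},
    {"type": "library", "name": "openssl", "version": "3.0.13",
     "bom-ref": "lib-openssl"}
  ]
}
""")


def flatten_components(bom):
    """Return every component, nested or not, as a flat pre-order list.

    Each entry keeps the component's own fields (minus the nested list) and
    gains two hypothetical keys: 'assembly_parent' (the parent's bom-ref, or
    its name when bom-ref is absent; None at top level) and 'assembly_depth'.
    """
    flat = []
    # Explicit stack instead of recursion, so a deeply nested (or hostile)
    # SBOM cannot exhaust the interpreter's recursion limit.
    stack = [(c, None, 0) for c in reversed(bom.get("components", []))]
    while stack:
        comp, parent, depth = stack.pop()
        entry = {k: v for k, v in comp.items() if k != "components"}
        entry["assembly_parent"] = parent
        entry["assembly_depth"] = depth
        flat.append(entry)
        ident = comp.get("bom-ref") or comp.get("name")
        children = comp.get("components") or []
        stack.extend((c, ident, depth + 1) for c in reversed(children))
    return flat


if __name__ == "__main__":
    for c in flatten_components(SAMPLE_BOM):
        print("  " * c["assembly_depth"] + c["name"], c.get("version", ""))
```
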