johndgiese
commented
6 months ago It may be good to stick in the two FDA additional properties (see https://innolitics.com/articles/sbom-best-practices-faqs-examples/#what-information-do-we-need-to-include-for-each-component-in-our-sbom)
The main item in the SBOM should have a value of "primary" while others should say "included in" as appropriate. See https://www.ntia.gov/sites/default/files/publications/ntia_sbom_framing_2nd_edition_20211021_0.pdf for details.