What are you trying to do?
Since oysteR already generates a list of project dependencies and purls for an R package, it would be nice to use that information to generate a software bill of materials (SBOM).
What feature or behavior is this required for?
With SBOMs we can more easily track dependencies used in an R package, as well as track changes to dependencies over time, and check for vulnerabilities in those dependencies (i.e. using https://dependencytrack.org/).
How could we solve this issue? (Not knowing is okay!)
Add an option in oysteR to support CycloneDX output for SBOM: https://cyclonedx.org/specification/overview/
Anything else?
N/A
cc @bhamail / @DarthHater / @brittanybelle / @adrianpowell / @csgillespie
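
For reference, a sketch of what the requested output could look like, added here as an illustration and not taken from oysteR or from the issue author: it turns a dependency list into a minimal CycloneDX JSON document with one `library` component and one `pkg:cran/...` purl per package. The `deps` data frame is constructed sample data, the helpers `cran_purl()` and `to_cyclonedx()` are hypothetical names, and the `jsonlite` package is assumed to be installed.

```r
# Added example, not oysteR code. Requires the jsonlite package.
library(jsonlite)

# Constructed sample dependency list (package name + installed version).
deps <- data.frame(
  package = c("httr", "jsonlite", "rlang"),
  version = c("1.4.2", "1.7.2", "0.4.10"),
  stringsAsFactors = FALSE
)

# Hypothetical helper: package URL (purl) of type "cran" for one dependency.
cran_purl <- function(package, version) {
  sprintf("pkg:cran/%s@%s", package, version)
}

# Hypothetical helper: build a minimal CycloneDX BOM and serialise it as JSON.
to_cyclonedx <- function(deps, spec_version = "1.4") {
  stopifnot(all(c("package", "version") %in% names(deps)))
  # Drop repeated package/version pairs so each component appears once.
  deps <- deps[!duplicated(deps[c("package", "version")]), , drop = FALSE]
  components <- lapply(seq_len(nrow(deps)), function(i) {
    purl <- cran_purl(deps$package[i], deps$version[i])
    list(
      type = "library",
      `bom-ref` = purl,        # purl doubles as a stable reference within the BOM
      name = deps$package[i],
      version = deps$version[i],
      purl = purl
    )
  })
  bom <- list(
    bomFormat = "CycloneDX",
    specVersion = spec_version,
    version = 1L,              # BOM revision number, not a package version
    components = components
  )
  toJSON(bom, auto_unbox = TRUE, pretty = TRUE)
}

cat(to_cyclonedx(deps), "\n")
```

A file written this way can be uploaded to a tool such as Dependency-Track, which matches components by purl.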