-
Jamie Tanna authored
As dependency-management-data requires dependencies be tied to the platform/organisation/repo combination, this can make working with SBOMs a little more awkward as they commonly do not have this metadata contained. The producer of the SBOM is probably best to indicate this, whether on the command-line when `import sbom`ing the file, or with a new `import bulk` subcommand. For now we only need to add support for SBOMs, but leave it extensible for the future. Closes #166.
a2d6b943Jamie Tanna authoredAs dependency-management-data requires dependencies be tied to the platform/organisation/repo combination, this can make working with SBOMs a little more awkward as they commonly do not have this metadata contained. The producer of the SBOM is probably best to indicate this, whether on the command-line when `import sbom`ing the file, or with a new `import bulk` subcommand. For now we only need to add support for SBOMs, but leave it extensible for the future. Closes #166.
Loading