Expose merging SBOMs #9
Note to self: Merging as performed by the CLI is implemented here in the .NET library: https://github.com/CycloneDX/cyclonedx-dotnet-library/blob/main/src/CycloneDX.Utils/Merge.cs

Don't be limited by what I managed to implement for merging in the CLI tool. It still requires some work, especially around the flat merging approach, i.e. it doesn't handle dependency graphs. But from memory the hierarchical merging was reasonably feature complete.

Yeah, there are a few other points I'd like to address with flat merging, like deduplication of components and services, rewiring of the dependency graph, etc. I've used a merging library for the initial implementation, but that may not be the best idea after all. Will need to do a bit more research here.

This would be really great to see. I'm working with CycloneDX in Go and my options for merging at the moment are:
Neither are very appealing!

Hello 👋 we are starting the work on integrating CycloneDX in buildpacks. As a part of this work, we need to be able to merge CycloneDX SBOMs provided by various buildpacks involved in the build process through our Go-based binary called the lifecycle. We were hoping for the behavior exposed by the CycloneDX CLI to be available via a Go library. Would it be possible to add this as an enhancement?
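
The flat-merge concerns raised in this thread (deduplicating components and rewiring the dependency graph) are shown in Go below. This is an added example, not code from cyclonedx-go or the CycloneDX CLI; the simplified types, the `FlatMerge` name, and the choice of PURL as the deduplication key are assumptions.

```go
package main

import (
	"fmt"
	"sort"
)

// Simplified stand-ins for CycloneDX elements (hypothetical, not cyclonedx-go types).
type Component struct{ BOMRef, PURL string }
type Dependency struct{ Ref string; DependsOn []string }
type BOM struct{ Components []Component; Dependencies []Dependency }

// FlatMerge deduplicates components by PURL and rewires dependency edges to the survivor.
// bom-refs are unique only within one BOM, so PURL-less components get a per-BOM prefix.
func FlatMerge(boms ...BOM) BOM {
	var out BOM
	edges := map[string]map[string]bool{} // merged ref -> refs it depends on
	for i, b := range boms {
		remap := map[string]string{} // this BOM's bom-ref -> merged ref
		for _, c := range b.Components {
			merged := c.PURL
			if merged == "" {
				merged = fmt.Sprintf("bom%d:%s", i, c.BOMRef)
			}
			remap[c.BOMRef] = merged
			if edges[merged] == nil { // first sighting: emit the component once
				edges[merged] = map[string]bool{}
				out.Components = append(out.Components, Component{merged, c.PURL})
			}
		}
		for _, d := range b.Dependencies {
			for _, on := range d.DependsOn { // dangling refs and self-edges are dropped
				if from, to := remap[d.Ref], remap[on]; from != "" && to != "" && from != to {
					edges[from][to] = true
				}
			}
		}
	}
	for _, c := range out.Components { // component order keeps the output deterministic
		d := Dependency{Ref: c.BOMRef}
		for to := range edges[c.BOMRef] {
			d.DependsOn = append(d.DependsOn, to)
		}
		sort.Strings(d.DependsOn)
		out.Dependencies = append(out.Dependencies, d)
	}
	return out
}

func main() { fmt.Printf("%+v\n", FlatMerge(BOM{Components: []Component{{"a", "pkg:npm/left-pad@1.3.0"}}})) }
```

Without the per-BOM remapping, two inputs that both use a bom-ref such as `1` for different packages would have their dependency edges silently attached to the wrong component in the merged SBOM.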