Syft SBOMs support dependency hierarchies. #1674
Labels
enhancement
New feature or request
Comments
|
This is a duplicate of #572. |
This was referenced Apr 13, 2023
|
Indeed it's a dup -- I'll close this one. Shout out if there is extra context that is not capture in the original issue. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What would you like to be added:
When I generate SBOMs from Syft (in either CycloneDX or SPDX), the resulting SBOM files don't show the dependency hierarchies (i.e. the tree relationships between libraries) that other generators do (like the open-sbom-generator).
I want/need to be able to see, for a given vulnerable library, how it was introduced into an asset.
Ex:
Why is this needed:
This allows me to tell developers what libraries they specifically need to upgrade/replace in order to remediate vulns or other issues introduced.
Additional context:
The text was updated successfully, but these errors were encountered: