Re: SPDX Generator with RefIDs and package hierarchy


Anthony Harrison
 

Daniel

Have a look at SBOM4Python, which generates an SBOM for an installed Python module including all of its dependencies (direct or indirect). And look at SBOM2dot, which generates a DOT file for producing a graph of the dependencies.

Both applications are available on PyPI.

Regards

Anthony 

On Thu, 9 Mar 2023, 19:51, <daniel@...> wrote:
All,
I feel like I'm missing something obvious here, but which SBOM generators actually generate SPDX SBOMs that (1) have refIDs for the overall asset (documentDescribes), and (2) have package dependency hierarchy information, i.e. something that I could use to build a tree visualization of how the software dependencies are introduced into the main piece of software?

Thanks,
Daniel
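
An added example, not part of the thread and not code from SBOM4Python or SBOM2dot: a check of whether an SPDX 2.x JSON document carries the two things asked about above, done by walking `documentDescribes` (or `DESCRIBES` relationships) and the `DEPENDS_ON` / `DEPENDENCY_OF` relationships into an indented tree. The sample document and the function names (`rel`, `roots`, `children`, `tree_lines`) are constructed for illustration.

```python
from collections import defaultdict

def rel(a, kind, b):  # helper that builds one constructed relationship entry
    return {"spdxElementId": a, "relationshipType": kind, "relatedSpdxElement": b}

# Constructed SPDX 2.x JSON document (as json.load would return it); not real tool output.
SAMPLE = {
    "SPDXID": "SPDXRef-DOCUMENT",
    "documentDescribes": ["SPDXRef-app"],
    "packages": [
        {"SPDXID": "SPDXRef-app", "name": "app", "versionInfo": "1.0"},
        {"SPDXID": "SPDXRef-requests", "name": "requests", "versionInfo": "2.28.2"},
        {"SPDXID": "SPDXRef-idna", "name": "idna", "versionInfo": "3.4"},
    ],
    "relationships": [
        rel("SPDXRef-DOCUMENT", "DESCRIBES", "SPDXRef-app"),
        rel("SPDXRef-app", "DEPENDS_ON", "SPDXRef-requests"),
        rel("SPDXRef-idna", "DEPENDENCY_OF", "SPDXRef-requests"),
    ],
}

def roots(doc):  # top-level elements: documentDescribes plus any DESCRIBES targets
    found = list(doc.get("documentDescribes", []))
    for r in doc.get("relationships", []):
        if r["relationshipType"] == "DESCRIBES" and r["relatedSpdxElement"] not in found:
            found.append(r["relatedSpdxElement"])
    return found

def children(doc):  # parent SPDXID -> dependency SPDXIDs, with edge direction normalised
    deps = defaultdict(list)
    for r in doc.get("relationships", []):
        a, kind, b = r["spdxElementId"], r["relationshipType"], r["relatedSpdxElement"]
        if kind == "DEPENDS_ON":
            deps[a].append(b)
        elif kind == "DEPENDENCY_OF":  # reversed form: a is a dependency of b
            deps[b].append(a)
    return deps

def tree_lines(doc):
    names = {p["SPDXID"]: f'{p["name"]}@{p.get("versionInfo", "?")}' for p in doc.get("packages", [])}
    deps, out = children(doc), []
    def walk(node, depth, path):
        cyc = node in path  # stop on circular dependencies instead of recursing forever
        out.append("  " * depth + names.get(node, node) + (" (cycle)" if cyc else ""))
        for child in ([] if cyc else deps.get(node, [])):
            walk(child, depth + 1, path | {node})
    for root in roots(doc):
        walk(root, 0, frozenset())
    return out
```

An empty result from `roots` means the document names no overall asset, and a tree with only root lines means the generator emitted no dependency relationships.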
