Re: SPDX Generator with RefIDs and package hierarchy


So just to confirm with the community:

There is no single generator that can generate SPDX SBOMs, with dependency hierarchies, across different ecosystems (Python, Go, etc.) and for both containers & filesystems? The open-sbom-generator seems to work for filesystems, but not for containers. 

The closest we've found are one or two tools that only generate CycloneDX SBOMs, but we're also looking to support SPDX as well. 


Join { to automatically receive all group messages.