Just according to the value of 'scope' (required, optional) in SBOM? Is that accurate? Thanks
```python
if is_required and package_type not in config.OS_PKG_TYPES:
    package_usage = ":direct_hit: Direct usage"
    package_name_style = "[bold]"
elif full_pkg in optional_pkgs or project_type_pkg in optional_pkgs:
    if package_type in config.OS_PKG_TYPES:
        package_usage = (
            "[spring_green4]:notebook: Local install[/spring_green4]"
        )
        has_os_packages = True
    else:
        package_usage = (
            "[spring_green4]:notebook: Indirect dependency[/spring_green4]"
        )
    package_name_style = "[italic]"
```
@jackhj000 This is correct. Currently, cdxgen and other tools use/misuse the scope attribute to represent direct dependency. However, with the recent 1.5 spec we can do this cleanly with evidence and dependencies (tree).
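An added example, not code from this project or from cdxgen: it contrasts the scope-based classification shown in the question with one derived from the CycloneDX `dependencies` tree mentioned in the reply. The sample BOM and the function names are constructed for illustration.

```python
import json

# Constructed CycloneDX-style BOM (sample data, not taken from the issue).
SAMPLE_BOM = json.loads("""
{
  "bomFormat": "CycloneDX", "specVersion": "1.5",
  "metadata": {"component": {"bom-ref": "pkg:pypi/app@1.0.0", "name": "app"}},
  "components": [
    {"bom-ref": "pkg:pypi/flask@2.3.2", "name": "flask", "scope": "required"},
    {"bom-ref": "pkg:pypi/jinja2@3.1.2", "name": "jinja2", "scope": "required"},
    {"bom-ref": "pkg:pypi/click@8.1.3", "name": "click", "scope": "optional"},
    {"bom-ref": "pkg:pypi/pytest@7.4.0", "name": "pytest", "scope": "optional"}
  ],
  "dependencies": [
    {"ref": "pkg:pypi/app@1.0.0",
     "dependsOn": ["pkg:pypi/flask@2.3.2", "pkg:pypi/pytest@7.4.0"]},
    {"ref": "pkg:pypi/flask@2.3.2",
     "dependsOn": ["pkg:pypi/jinja2@3.1.2", "pkg:pypi/click@8.1.3"]}
  ]
}
""")

def usage_from_scope(bom):
    # Scope heuristic: "required" (the default when absent) is read as direct.
    return {c["bom-ref"]: "direct" if c.get("scope", "required") == "required"
            else "indirect" for c in bom.get("components", [])}

def usage_from_tree(bom):
    # Direct = listed in dependsOn of the root (metadata.component);
    # anything else reachable from the root is indirect.
    graph = {d["ref"]: d.get("dependsOn", []) for d in bom.get("dependencies", [])}
    root = bom.get("metadata", {}).get("component", {}).get("bom-ref")
    direct = set(graph.get(root, []))
    usage, stack, seen = {}, list(direct), {root}  # seen guards against cycles
    while stack:
        ref = stack.pop()
        if ref in seen:
            continue
        seen.add(ref)
        usage[ref] = "direct" if ref in direct else "indirect"
        stack.extend(graph.get(ref, []))
    for c in bom.get("components", []):
        usage.setdefault(c["bom-ref"], "unknown")  # not reachable from the root
    return usage

def disagreements(bom):
    # Components where the two methods give different answers: (scope, tree).
    by_scope, by_tree = usage_from_scope(bom), usage_from_tree(bom)
    return {r: (by_scope[r], by_tree[r]) for r in by_scope if by_scope[r] != by_tree[r]}
```

On the sample BOM the two methods disagree on `jinja2` (required but transitive) and `pytest` (optional but a direct dependency of the root).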