Is your feature request related to a problem? Please describe.
when generating an SBOM from a requirements.txt, it is currently not planned to pull transitive dependencies.
therefore, the SBOM might be incomplete.
this shall be stated via CycloneDX composition
Describe the solution you'd like
when generating an SBOM from a requirements.txt,
for the root component: the dependency composition completeness is set to "incomplete_first_party_only" - see https://cyclonedx.org/guides/OWASP_CycloneDX-Authoritative-Guide-to-SBOM-en.pdf page 59
also: add a CLI flag to set this value according to spec - https://cyclonedx.org/docs/1.6/json/#compositions_items_aggregate
Describe alternatives you've considered
/
Additional context
/
Contribution
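
An illustration of the requested output, added here as an example and not taken from the project's code: a minimal CycloneDX 1.6 document built from pinned requirements.txt lines, with a `compositions` entry that flags the root component's dependency list. The function names `parse_pins` and `build_bom`, the bom-ref `root-component` and the sample requirements are assumptions made for this sketch.

```python
import json
import re

# Values the CycloneDX 1.6 schema allows for compositions[].aggregate.
AGGREGATES = {
    "complete", "incomplete", "incomplete_first_party_only",
    "incomplete_first_party_proprietary_only", "incomplete_first_party_opensource_only",
    "incomplete_third_party_only", "incomplete_third_party_proprietary_only",
    "incomplete_third_party_opensource_only", "unknown", "not_specified",
}

# Constructed sample input: direct dependencies only, no transitive ones.
SAMPLE_REQUIREMENTS = """\
# pinned direct dependencies only
requests==2.31.0
Flask==3.0.2  # web framework
"""

def parse_pins(text):
    """Return (name, version) for each 'name==version' line; skip everything else."""
    pins = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        m = re.fullmatch(r"([A-Za-z0-9][A-Za-z0-9._-]*)==([A-Za-z0-9.!+*_-]+)", line)
        if m:
            pins.append((m.group(1), m.group(2)))
    return pins

def build_bom(text, aggregate="incomplete_first_party_only"):
    """Build a minimal BOM; 'aggregate' plays the role of the requested CLI flag."""
    if aggregate not in AGGREGATES:
        raise ValueError(f"not a CycloneDX aggregate value: {aggregate!r}")
    root_ref = "root-component"  # hypothetical bom-ref for the root component
    comps = [{"type": "library", "bom-ref": f"{n}=={v}", "name": n, "version": v,
              "purl": f"pkg:pypi/{n.lower().replace('_', '-')}@{v}"}
             for n, v in parse_pins(text)]
    return {
        "bomFormat": "CycloneDX", "specVersion": "1.6", "version": 1,
        "metadata": {"component": {"type": "application", "bom-ref": root_ref,
                                   "name": "requirements.txt"}},
        "components": comps,
        "dependencies": [{"ref": root_ref, "dependsOn": [c["bom-ref"] for c in comps]}],
        # Completeness claim scoped to the root component's dependency entry.
        "compositions": [{"aggregate": aggregate, "dependencies": [root_ref]}],
    }

if __name__ == "__main__":
    print(json.dumps(build_bom(SAMPLE_REQUIREMENTS), indent=2))
```

A consumer reading this document can tell from `compositions` that the root's `dependsOn` list is not the full graph, instead of treating a missing transitive package as absent.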