README.md: 2 additions & 0 deletions
@@ -86,6 +86,8 @@ The following design decisions have been made in processing the SBOM files:
2. It is assumed that the SBOM is valid and contains syntactically valid data. Invalid files will be silently ignored.
+
3. SBOMs which do not match the format of the SBOM to be processed when specified using the `--sbom` option is likely to result in incorrect differences being reported.
+
4. In SPDX format, the tool assumes that the name of a package is followed by the version and license of the package.
5. If there are multiple instances of a package included in the SBOM, only the first instance will be processed.
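Review bot: The added item 3 has a subject-verb mismatch ("SBOMs which do not match ... is likely to result") and it is unclear which file "the SBOM to be processed" refers to and what "when specified using the `--sbom` option" attaches to. Suggest something like "An SBOM whose format does not match the format specified with the `--sbom` option is likely to result in incorrect differences being reported." More broadly, item 2 says invalid files are silently ignored, and this item documents that a format mismatch produces incorrect differences rather than an error. A reader relying on the diff to spot component changes gets no signal in either case, so consider stating here whether the tool emits any warning on a mismatch, or follow up with a change that rejects the input instead of reporting misleading results.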