> The size and structure differences you noticed between CycloneDX and > SPDX SBOMs stem from their different levels of granularity: > > - CycloneDX focuses on packaged software. > - SPDX can describe components down to the file level.
Just FYI that CycloneDX can also describe components down to the file level. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
