- Merged #37, Don't require custom registries to have a registry description
- Resolved #34, #9, Option to make the package server the download location instead of the GitHub repo
- Resolved #33, adding source code for JLLs from Yggdrasil to the SBOM
- Resolved #18, Put a package's git tree hash in the Download Location
- Removed some trailing whitespace from information fields
- Resolved #7, Fill in Declared License field in SBOM
  - Uses LicenseCheck.jl to scan packages and artifacts for license files and licenses embedded in source files.
  - Also fill in package field License Info From Files.
- Update SPDX package compatibility to v0.4. This update enables the following:
  - Updates the algorithm for computing the package verification code to a hopefully correct implementation.
  - Allows the computation of artifact verification codes, since it is now able to ignore bad symbolic links.
- Resolved #2, Include artifacts in the SBOM
- Resolved #22, Document the version of Julia used to produce the SBOM
- Resolved #15, Avoid using Pkg internals
- Resolved #23, Export SPDX when loading PkgToSoftwareBOM
- Improvements to code coverage tests