There is work ongoing on the CycloneDX spec to be able to mark dependencies as 'extraneous' (CycloneDX/specification#586), which all of our dependencies are (except 'embedded'/shaded resources). Let's track that work and implement it when it becomes part of the spec.
There is work ongoing on the CycloneDX spec to be able to mark dependencies as 'extraneous' (CycloneDX/specification#586), which all of our dependencies are (except 'embedded'/shaded resources). Let's track that work and implement it when it becomes part of the spec.