
Updating an existing SBOM? #307

@javihernandez

First of all, thanks for providing such a library. It works great, the documentation is neat, and it saved our lives in the duty of tackling our approach to implementing SBOM in the AlmaLinux Build System (from where we build AlmaLinux OS).

This is more of a question than an issue, and please forgive me if it's a stupid question, but I'm pretty new to SBOM and I felt that, before designing our workflow, it was worth asking here (maybe this is not even the right place to ask?).

So far, we're already generating SBOMs of some of the artifacts that the Build System creates. Since these artifacts can change over time, we were wondering what the right approach is to update an existing SBOM, since I couldn't find anything relevant or any "good practices" on the subject. I tried to set the version field when generating a new BOM, but so far, it ends up being a new field called ersion.

Other than that, technically, it shouldn't be that difficult: we can store our generated SBOMs somewhere and then use these files to take the relevant serialNumber and increase the version manually, but still, we would like to know your thoughts on this.

Thanks again,
Javi
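
The update flow described in the post (reuse the stored serialNumber, increase the version), as an added example that is not part of the original issue and is not the library's own code. It assumes CycloneDX-style JSON BOMs with an integer `version` starting at 1; `revise_bom` and `content_key` are hypothetical helpers, and skipping the bump when only the metadata changed goes slightly beyond what the post describes.

```python
import copy
import json
import re
import uuid

# UUID-URN serial number pattern (assumption: CycloneDX-style BOM JSON).
SERIAL_RE = re.compile(r"^urn:uuid:[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}"
                       r"-[89ab][0-9a-f]{3}-[0-9a-f]{12}$")


def content_key(bom):
    """Canonical JSON of the BOM minus identity, revision and metadata fields
    (metadata carries the generation timestamp, which differs on every run)."""
    body = {k: v for k, v in bom.items()
            if k not in ("serialNumber", "version", "metadata")}
    return json.dumps(body, sort_keys=True)


def revise_bom(previous, fresh):
    """Return `fresh` as the next revision of the stored `previous` BOM."""
    out = copy.deepcopy(fresh)
    if previous is None:  # first SBOM for this artifact
        out["serialNumber"], out["version"] = uuid.uuid4().urn, 1
        return out
    serial, version = previous.get("serialNumber"), previous.get("version")
    if not isinstance(serial, str) or not SERIAL_RE.match(serial):
        raise ValueError(f"stored BOM has an invalid serialNumber: {serial!r}")
    if isinstance(version, bool) or not isinstance(version, int) or version < 1:
        raise ValueError(f"stored BOM has an invalid version: {version!r}")
    if content_key(previous) == content_key(fresh):
        return copy.deepcopy(previous)  # nothing changed: no new revision
    out["serialNumber"], out["version"] = serial, version + 1
    return out


if __name__ == "__main__":
    # Constructed sample data, not taken from a real build.
    stored = {"bomFormat": "CycloneDX", "specVersion": "1.4",
              "serialNumber": "urn:uuid:11111111-2222-4333-8444-555555555555",
              "version": 1, "metadata": {"timestamp": "2023-01-01T00:00:00Z"},
              "components": [{"type": "library", "name": "bash",
                              "version": "5.1.8"}]}
    rebuilt = {"bomFormat": "CycloneDX", "specVersion": "1.4",
               "metadata": {"timestamp": "2023-02-01T00:00:00Z"},
               "components": [{"type": "library", "name": "bash",
                               "version": "5.1.16"}]}
    print(json.dumps(revise_bom(stored, rebuilt), indent=2))
```

Rejecting a stored BOM with a malformed serialNumber or version, rather than silently minting new values, keeps a corrupted or tampered archive from breaking the revision chain unnoticed.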
