BSI TR-03183-2 sbom_build reported by sbomqs, but not in standard. #586

@robin-s-007

Hello,

I am using sbomqs to validate an SBOM template (CycloneDX v1.6 JSON) against the BSI v2.1.0 standard.
While sbomqs only supports BSI v2.0, the changelog in v2.1.0 does not list any significant differences.

sbomqs reports a missing sbom_build feature.
However, the BSI spec does not mention such a feature; I guess this comes from the SPDX metadata.
CycloneDX has something similar with the version field, but this is not interpreted as such.

Is this what is meant?

Best Regards,

Robin
