What would you like to be added:
Sometimes we just want a static sbom rather than needing an image or generator from an image as input.
Why is this needed:
- We want to be able to compare vulnerability results across various sbom input formats
- Ability to more quickly add and label specific test cases without needing to build an entire base image and having to additionally label all of the junk that that brings in
- Ability to have comparisons for sboms with proprietary software components in them which we would not be able to provide a public image for
What would you like to be added:
Sometimes we just want a static sbom rather than needing an image or generator from an image as input.
Why is this needed: