Is your enhancement request related to a problem? Please describe.
It can happen that a software is both released as a standalone product A and simultaeously as part of a bigger product B. Ideally the package dependencies would not have to be added and reviewed for the product B a second time, but rather product A can be included in product B.

What are the benefits of the requested enhancement?

• No need to update entries twice (or more) on multiple products that use product A
• No risk of inconsistent data in products that make use of product A
• Review steps only have to be done once for product A
• Ability to create hierarchy of products

Describe the solution you would like

• Option 1: Components pretty much cover the hierarchy and nesting, but do not allow to import SBOMs like products
  • Implement SBOM import for components, much like with products
  • User can then add the software as a component
    • For product A we would simply add the component to the inventory and nothing else (standalone)
    • For product B we would add the component among other components and packages to the inventory (bigger product)
  • Export of the SBOM for a product with components must properly include everything that the components depend on (I haven't tested that yet, may already be the case)
• Option 2: Add a nesting and hierarchy feature to products (much like with components)
  • This might make less sense, because then there is even less distinction between components, though products would still be for software that we produce, while components are those that we consume

Additional notes
I have asked about this on gitter and was directed to the issue tracker. I may have misunderstandings what components should be used for so apologies if the suggestion goes against the intended design. I'm also not entirely sure why the package associated with components seem to be handled differently with regard to permissions when compared to products. Components seem to be fairly locked off and only editable by the data admins.