Tasks

• Add Pedigree information to our patched products
• Verify that product SBOMs are correct in that they e.g. list hadoop as the product and not hadoop-common or similar
• Provide the dependency tree in the SBOM instead of a flat list of dependencies
• Check results from https://github.com/interlynk-io/sbomqs
• Maybe interesting: https://github.com/snyk/parlay
• Maybe helpful: https://github.com/interlynk-io/sbomasm