Open
Description
Currently, externalReferences supports both URL and BOM-Link. There are some types that are better expressed with BOM-Link and therefore must be preferred over a URL.
Below are some types:
- bom
- release-notes
- model-card
- formulation
- attestation
- vulnerability-assertion
- pentest-report
To start with we can improve the documentation and create use-case examples to better illustrate the use of CycloneDX for these types.