The SBOM is easier to read if the dependencies are sorted alphabetically. Signed-off-by: Fabien Lehoussel <fabien.lehoussel@smile.fr> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
@@ -205,7 +205,7 @@ def cyclonedx_dependency(ref, depends):
"""
return {
"ref": ref,
- "dependsOn": depends,
+ "dependsOn": sorted(depends),
}
Fabien Lehoussel