Thanks for the PR! The main reason this was not implemented so far was the fact that installing the tool with mix archive.install does not work with dependencies. I would like to retain the ability to install the tool on-the-fly (e.g. inside a CI job) without adding it as a declared dependency to the project, if possible.

Producing XML is easy with just standard library tooling, the question is whether it would be feasible to implement a minimal JSON encoder within the tool. What do you think?

Thanks for the PR! The main reason this was not implemented so far was the fact that installing the tool with mix archive.install does not work with dependencies. I would like to retain the ability to install the tool on-the-fly (e.g. inside a CI job) without adding it as a declared dependency to the project, if possible.

Producing XML is easy with just standard library tooling, the question is whether it would be feasible to implement a minimal JSON encoder within the tool. What do you think?

Hey @voltone, thanks for the explanation, I didn't know that.
Yeah, I think we can do it!

the json encoder covers the very basic stuff, but I do think it's enough for now, what do you think @voltone?
Also, I tested it again using sbom-utility and it's worked as expected.

May I ask where the JSON encoder code is coming from? I found some similar-looking code online, and I want to make sure any re-use of code is allowed by the license under which the original code was released.

for sure! I only copied the implementation related to binary encoding from here, all the other stuff I have implemented by myself

Sorry for ignoring this PR for so long, we've been discussing the best way forward in the EEF SecurityWG. We are considering moving maintenance of this Mix and Rebar3 plugins to the WG. In the process we might change this package to be an escript rather than a Mix archive, which would allow us to use package dependencies. I will keep you posted...

Sorry for ignoring this PR for so long, we've been discussing the best way forward in the EEF SecurityWG. We are considering moving maintenance of this Mix and Rebar3 plugins to the WG. In the process we might change this package to be an escript rather than a Mix archive, which would allow us to use package dependencies. I will keep you posted...

No problem at all, and thanks for the update, if there's anything i can help, pls let me know