Closed
Description
Currently the sbom-tools seems to lack support of excluding dev dependencies from the dependency scan. This is quite important because we deliver the sbom lists to customers. Including dev dependencies will give them insight in tools and development dependencies we only use internally as a company the need not to know of. For example customers need not to know that a company applies "vitest" for unit testing.