Open
Description
During SBOM generation (regardless of SPDX version), we skip SPDX 3.0 documents if they are in the build drop path. This means that they do not get added to the generated SBOM as external document references. During generation, the following warning message is also displayed to the user to indicate this behavior:
##[warning]Discovered SPDX at "C:\\Users\\ppandrate\\source\\repos\\sbom-tool\\TestResults\\Deploy_ppandrate 20250317T155644_5824\\E2E_GenerateAndRedactSPDX30Manifest_ReturnsNonZeroExitCode\\_manifest\\spdx_3.0\\manifest.spdx.json" is not SPDX-2.2 document, skipping
Is this behavior we are ok with? Do we want to include SPDX 3.0 documents in external document references?
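The skip described in this issue, as an added example that is not sbom-tool's code: a scanner that walks a drop folder, detects each manifest's SPDX version, and builds SPDX 2.2 `externalDocumentRefs` entries only for 2.2 documents. The function names, the `*.spdx.json` glob, the ID scheme and the sample documents are assumptions made for the illustration.

```python
import hashlib
import json
import tempfile
from pathlib import Path

def spdx_version(doc):
    """Return e.g. 'SPDX-2.2' for 2.x JSON or 'SPDX-3.0.1' for 3.x JSON-LD, else None."""
    if not isinstance(doc, dict):
        return None
    if isinstance(doc.get("spdxVersion"), str):        # SPDX 2.x: top-level field
        return doc["spdxVersion"]
    graph = doc.get("@graph")                          # SPDX 3.x: JSON-LD graph
    for node in graph if isinstance(graph, list) else []:
        if isinstance(node, dict) and node.get("type") == "CreationInfo":
            return "SPDX-" + str(node.get("specVersion"))
    return None

def collect_external_refs(drop_path):
    """Return (externalDocumentRefs entries, [(folder name, detected version)] skipped)."""
    refs, skipped = [], []
    for path in sorted(Path(drop_path).rglob("*.spdx.json")):
        raw = path.read_bytes()
        try:
            doc = json.loads(raw)
        except ValueError:                             # malformed JSON or bad encoding
            doc = None
        version = spdx_version(doc)
        if version != "SPDX-2.2" or "documentNamespace" not in doc:
            skipped.append((path.parent.name, version))  # never reaches the SBOM
            continue
        sha1 = hashlib.sha1(raw).hexdigest()           # checksum of the referenced file
        refs.append({
            "externalDocumentId": "DocumentRef-" + sha1,  # assumed ID scheme
            "spdxDocument": doc["documentNamespace"],
            "checksum": {"algorithm": "SHA1", "checksumValue": sha1},
        })
    return refs, skipped

def demo():
    """Constructed drop folder holding one SPDX 2.2 and one SPDX 3.0 manifest."""
    v22 = {"spdxVersion": "SPDX-2.2", "SPDXID": "SPDXRef-DOCUMENT", "name": "dep",
           "documentNamespace": "https://example.test/spdx/dep-1.0"}
    v30 = {"@context": "https://spdx.org/rdf/3.0.1/spdx-context.jsonld",
           "@graph": [{"type": "CreationInfo", "@id": "_:ci", "specVersion": "3.0.1"}]}
    with tempfile.TemporaryDirectory() as drop:
        for sub, doc in (("spdx_2.2", v22), ("spdx_3.0", v30)):
            folder = Path(drop, "_manifest", sub)
            folder.mkdir(parents=True)
            (folder / "manifest.spdx.json").write_text(json.dumps(doc))
        return collect_external_refs(drop)
```

Calling `demo()` returns one reference for the 2.2 manifest and lists the 3.0 manifest as skipped, so a component described only by the 3.0 document would be absent from the generated SBOM's external references.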