Since the introduction of pecoff matching it’s been recommended to us that we use tools such as CycloneDX to generate a bill of materials to ensure we’re getting licence information from the NuGet packages (not something we can get from DLLs). From what we know, this is using the packages.config and/or .csproj files to gather information about the packages/NuGet components.
It looks like similar functionality to this has been introduced in Version 104 - is this intended to replace using CycloneDX to generate a BoM? Are there advantages and disadvantages to using either?
Ideally we’d like to keep things simple and use a single tool (the CLI) without having to use CycloneDX! Haven’t had a chance to fully test this yet though, so I’m not sure what the main differences would be.