Use VirtualPath to build Dependencies section #2990

Closed
merlin-uk opened this issue Jun 25, 2024 · 2 comments
Labels
enhancement New feature or request

Comments

@merlin-uk

What would you like to be added:
We would like the Dependencies section to be added to the bottom of the SBOM.
Why is this needed:
SBOMs need to have a Dependencies section to be valid.
Additional context:
The VirtualPath which is created under each Property section can be used to build a Dependencies section.

@merlin-uk merlin-uk added the enhancement New feature or request label Jun 25, 2024
@kzantow
Contributor

kzantow commented Jun 25, 2024

Hi @merlin-uk -- could you expand on this request? I don't think we could build a dependency tree strictly based on file paths. Are you referring to Java, specifically? If so, I don't think we can use the JAR nesting to build a dependency graph, either, necessarily. We could probably use this to make CONTAINS relationships, but I don't believe this would accomplish what you are asking for, as this is different than a dependency relationship, and would not show up in CycloneDX dependencies. We would definitely need a bit more information to understand exactly what the use case you are trying to solve is here, if you could expand on this some.

@kzantow
Contributor

kzantow commented Oct 23, 2024

Hi @merlin-uk -- a feature was just implemented that includes some amount of dependency information for Java. One of the things that this change surfaces is dependencies for nested Java archives, for example: a .war file which contains .jar files, the containing WAR file will have dependency relationships to the contained JAR files. I think this will accomplish what this issue is asking for, so I'm going to close this issue. If I've misunderstood or there are cases that the current implementation doesn't account for, please let us know and we can reopen this!

@kzantow kzantow closed this as completed Oct 23, 2024
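
An added example, not part of the issue thread or the project's code: a check a consumer could run on a CycloneDX JSON SBOM to see whether the `dependencies` section is present and consistent with `components`, using the WAR-contains-JARs case from the last comment. The sample document, its names and its bom-refs are constructed for illustration.

```python
import json

# Constructed sample: a minimal CycloneDX JSON document for a WAR that
# contains two JARs. All names, versions and bom-refs are made up.
SAMPLE_BOM = json.loads("""
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "components": [
    {"bom-ref": "pkg:app-war", "type": "library", "name": "app.war", "version": "1.0"},
    {"bom-ref": "pkg:lib-a", "type": "library", "name": "lib-a.jar", "version": "2.1"},
    {"bom-ref": "pkg:lib-b", "type": "library", "name": "lib-b.jar", "version": "0.9"}
  ],
  "dependencies": [
    {"ref": "pkg:app-war", "dependsOn": ["pkg:lib-a", "pkg:lib-b", "pkg:missing"]},
    {"ref": "pkg:lib-a", "dependsOn": []}
  ]
}
""")


def audit_dependencies(bom):
    """Report gaps between `components` and the `dependencies` graph."""
    refs = {c["bom-ref"] for c in bom.get("components", []) if "bom-ref" in c}
    root = bom.get("metadata", {}).get("component", {}).get("bom-ref")
    if root:
        refs.add(root)
    # Build ref -> set of dependsOn targets, merging repeated entries.
    graph = {}
    for dep in bom.get("dependencies", []):
        graph.setdefault(dep["ref"], set()).update(dep.get("dependsOn", []))
    mentioned = set(graph) | {t for targets in graph.values() for t in targets}
    return {
        "has_section": "dependencies" in bom,
        # Components with no entry of their own in the graph.
        "no_entry": sorted(refs - set(graph)),
        # Refs used in the graph that name no known component.
        "dangling": sorted(mentioned - refs),
        "edges": sorted((s, t) for s, targets in graph.items() for t in targets),
    }


if __name__ == "__main__":
    print(json.dumps(audit_dependencies(SAMPLE_BOM), indent=2))
```
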