Describe the problem you would like to solve
As an OJS platform provider, I need to know all dependencies used in production of my application, in order to know about the provenance of my components and to mitigate security risks.
Describe the solution you’d like
OJS provides an SBOM in SPDX format, alternatively CycloneDX.
Who is asking for this feature?
Systems engineers, SREs + DevOps
Additional information