It turns out that the RHTPA has issues parsing our SBOMs because we don't use valid SPDX license expressions. This is a known limitation and something that I expected to be a problem. I'll look into fixing license expressions in our SBOMs.
In the meantime, there seems to be a problem with our SBOMs, even with the license expressions issue being mitigated (by converting the SBOM to spdx-json using syft). The tooling produces the following error:
Failed to parse SBOM: The SBOM contains package type(s) not supported by Dependency Analytics. The Dependency Analytics report may be unavailable for this SBOM.
I've reached out to pcattana, asking for some RHTPA engineering contacts.
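A pre-flight check of the kind described above, added here as an example (it is not RHTPA, syft or Dependency Analytics code): it walks an SPDX 2.3 JSON SBOM, validates each package's licenseConcluded/licenseDeclared against the SPDX expression grammar (ids, `+`, `WITH`, `AND`/`OR`, parentheses, `LicenseRef-`/`DocumentRef-`, NOASSERTION/NONE), and lists the purl package types the SBOM uses so they can be compared against whatever the consuming tool documents as supported. The SBOM and the license-id list are constructed samples; a real run would load the full SPDX license list.

```python
"""Pre-flight checks on an SPDX 2.3 JSON SBOM (constructed example).

Flags license expressions that do not parse as SPDX expressions and lists
the purl package types present, so both can be fixed or compared against
the consuming tool's documentation before uploading the SBOM.
"""
import json
import re
import sys

# Assumption: small sample of SPDX ids. A real checker would load the full
# list (https://spdx.org/licenses/licenses.json) instead of hard-coding it.
KNOWN_LICENSE_IDS = {
    "Apache-2.0", "MIT", "BSD-3-Clause", "GPL-2.0-only", "GPL-2.0-or-later",
    "LGPL-2.1-only", "LGPL-2.1-or-later", "MPL-2.0", "ISC",
}
KNOWN_EXCEPTIONS = {"Classpath-exception-2.0", "LLVM-exception"}

# Tokens are parentheses or id-like words; anything else ("/", ",") is a
# stray character and a common source of invalid expressions.
TOKEN_RE = re.compile(r"\(|\)|[A-Za-z0-9.+\-]+")

def _tokens(expr):
    pos, out = 0, []
    for m in TOKEN_RE.finditer(expr):
        if expr[pos:m.start()].strip():
            raise ValueError(f"unexpected text {expr[pos:m.start()]!r}")
        out.append(m.group())
        pos = m.end()
    if expr[pos:].strip():
        raise ValueError(f"unexpected text {expr[pos:]!r}")
    return out

def _parse_expr(toks, i):
    # expression := simple (("AND" | "OR") simple)*
    i = _parse_simple(toks, i)
    while i < len(toks) and toks[i].upper() in ("AND", "OR"):
        i = _parse_simple(toks, i + 1)
    return i

def _parse_simple(toks, i):
    # simple := "(" expression ")" | license-id ["+"] ["WITH" exception-id]
    if i >= len(toks):
        raise ValueError("expression ends unexpectedly")
    tok = toks[i]
    if tok == "(":
        i = _parse_expr(toks, i + 1)
        if i >= len(toks) or toks[i] != ")":
            raise ValueError("missing ')'")
        return i + 1
    if tok.upper() in ("AND", "OR", "WITH") or tok == ")":
        raise ValueError(f"operator {tok!r} where a license id was expected")
    base = tok[:-1] if tok.endswith("+") else tok
    if (base not in KNOWN_LICENSE_IDS and not base.startswith("LicenseRef-")
            and not base.startswith("DocumentRef-")):
        raise ValueError(f"unknown license id {tok!r}")
    i += 1
    if i < len(toks) and toks[i].upper() == "WITH":
        if i + 1 >= len(toks) or toks[i + 1] not in KNOWN_EXCEPTIONS:
            raise ValueError("WITH must be followed by a known exception id")
        i += 2
    return i

def is_valid_spdx_expression(expr):
    """Return (ok, reason). NOASSERTION and NONE are allowed by SPDX."""
    if expr in ("NOASSERTION", "NONE"):
        return True, "special value"
    try:
        toks = _tokens(expr)
        idx = _parse_expr(toks, 0)
    except ValueError as e:
        return False, str(e)
    if idx != len(toks):
        return False, f"trailing tokens: {' '.join(toks[idx:])}"
    return True, "ok"

def check_licenses(sbom):
    """List (package, field, expression, reason) for every invalid expression."""
    findings = []
    for pkg in sbom.get("packages", []):
        for field in ("licenseConcluded", "licenseDeclared"):
            expr = pkg.get(field)
            if expr is None:
                continue
            ok, reason = is_valid_spdx_expression(expr)
            if not ok:
                findings.append((pkg.get("name"), field, expr, reason))
    return findings

def package_types(sbom):
    """Sorted purl types ("pkg:<type>/...") referenced by the SBOM's packages."""
    types = set()
    for pkg in sbom.get("packages", []):
        for ref in pkg.get("externalRefs", []):
            loc = ref.get("referenceLocator", "")
            if ref.get("referenceType") == "purl" and loc.startswith("pkg:"):
                types.add(loc[4:].split("/", 1)[0])
    return sorted(types)

def _purl(locator):
    return {"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
            "referenceLocator": locator}

# Constructed SBOM: one clean package, one with two bad expressions, one
# using WITH and NOASSERTION. The OCI digest is a placeholder.
SAMPLE_SBOM = {
    "spdxVersion": "SPDX-2.3", "SPDXID": "SPDXRef-DOCUMENT", "name": "example-app",
    "packages": [
        {"name": "libfoo", "SPDXID": "SPDXRef-Package-libfoo",
         "licenseConcluded": "MIT OR Apache-2.0", "licenseDeclared": "MIT",
         "externalRefs": [_purl("pkg:maven/org.example/libfoo@1.2.3")]},
        {"name": "bar-tool", "SPDXID": "SPDXRef-Package-bar-tool",
         "licenseConcluded": "GPLv2", "licenseDeclared": "Apache 2.0",
         "externalRefs": [_purl("pkg:rpm/fedora/bar-tool@2.0-1.fc39?arch=x86_64")]},
        {"name": "baz", "SPDXID": "SPDXRef-Package-baz",
         "licenseConcluded": "NOASSERTION",
         "licenseDeclared": "GPL-2.0-only WITH Classpath-exception-2.0",
         "externalRefs": [_purl("pkg:oci/baz@sha256%3APLACEHOLDER")]},
    ],
}

if __name__ == "__main__":
    # Usage: python check_sbom.py [sbom.spdx.json]; falls back to the sample.
    sbom = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_SBOM
    for name, field, expr, reason in check_licenses(sbom):
        print(f"INVALID {name}.{field} = {expr!r}: {reason}")
    print("package types:", ", ".join(package_types(sbom)))
```

Run against the converted spdx-json output to get a per-package list of expressions that will not parse, plus the set of purl types to check against the tool's supported list.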
Goal:
Acceptance Criteria:
Open questions: