Comment by zvr
4 hours ago
It was dropped exactly because it was flat and it was becoming completely unmanageable.
SPDX v3 is based on a graph model that can represent hierarchies natively. It can then be serialized in a file, for example, in JSON format.
But it was the best format for manually creating an SBOM.
Most SBOM use cases don‘t need the ability to put your detailed software architecture in the SBOM.