bom

In http://rpmfind.net/linux/fedora/linux/development/rawhide/Everything/aarch64/os/Packages/g/GConf2-devel-3.2.6-31.fc36.aarch64.rpm we get this and the "unknown" is incorrect:

headers:
    -   tool_name: scancode-toolkit
        tool_version: 30.0.0
        options:
            input:
                - GConf2-devel-3.2.6-31.fc36.aarch64.rpm
            --license: yes
            --l

The current swagger definition is autogenerated. The automatically generated definitions rely on reflection and annotations to create the documentation. The reflection capabilities are poor at best and lead to missing API parameters. Annotations can help in some cases, but the only fix for Swagger is to create individual POJOs for every possible request. This will lead to unnecessary large number

What would you like to be added or enhanced

vcn notarize offers the -r flag. vcn authenticate lacks this flag.

Why is this needed
Just to be consistent.

The CLI tool should support automatic resolving and augmentation of license information, when it is missing, for components in an SBOM.

For components with an external reference to a GitHub repo it should be possible, in a lot of cases, to automatically resolve license information using the API.

This is already supported in the .NET implementation (https://github.com/CycloneDX/cyclonedx-dotn