Manual input of Swift Packages and enabling dependency checks #3028
Unanswered
coberhauser asked this question in Q&A
Replies: 0 comments
Hi,
we are running Dependency Track for various projects, languages and build systems: Java, JavaScript, Kotlin, and Swift; Maven, Gradle, and Swift Package Manager.
Currently, imports of SBOMs generated by the various CycloneDX plugins work fine, except for the Swift one. Our project setup does not allow CocoaPods, therefore the CycloneDX generation tools are limited (https://github.com/lsto/swift-package-sbom) or non-existent. So we added the few libraries manually, e.g.:
Of course, information about other dependencies and vulnerabilities does not appear in Dependency Track with this limited information.
Can anybody tell me what exact details (component name, version, namespace / group / vendor, URLs) are needed for Dependency Track to work properly with manually added components, in order to make dependency checks and vulnerabilities work, or if this is even possible to track manually for Swift?
(PS: If somebody has any other ideas on how to generate SBOMs from Swift PM, please let me know.)
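The following is an added example and not part of the original post, nor code from the Dependency Track or CycloneDX projects. It addresses both points the question raises: which fields a manually described Swift component needs, and how to produce a CycloneDX SBOM from a Swift PM project without CocoaPods. The script reads `Package.resolved` (the lock file Swift PM writes next to `Package.swift`; the version-1 layout nests the pins under `"object"`, version 2 and later use a flat `"pins"` list) and emits a CycloneDX 1.4 JSON document in which each component carries a Package URL of the form defined for the `swift` purl type, `pkg:swift/<host>/<owner>/<repo>@<version>`. The assumptions made here are that Dependency Track's vulnerability analyzers match on that `purl` field rather than on name and version alone, so a component without a purl gets no findings, and that a dependency pinned to a branch or commit rather than a release tag will not match advisory data, which is keyed on release versions. The sample `Package.resolved` is constructed, and the property name `swiftpm:pinnedRevisionOnly` is a hypothetical marker, not an established CycloneDX taxonomy.

```python
"""Build a minimal CycloneDX 1.4 SBOM from a Swift PM Package.resolved file.

Added example: not the original poster's code and not a Dependency Track or
CycloneDX project tool. Assumes Dependency Track matches vulnerabilities on
the component purl, and that the purl 'swift' type is
pkg:swift/<host>/<owner>/<repo>@<version>.
"""
import json
import re
from urllib.parse import quote

# Constructed sample input (not from the original post): a Package.resolved in
# Swift PM's version-2 layout. One pin is on a release tag, one on a branch,
# so the untagged case is exercised as well.
SAMPLE_PACKAGE_RESOLVED = json.dumps({
    "pins": [
        {
            "identity": "alamofire",
            "kind": "remoteSourceControl",
            "location": "https://github.com/Alamofire/Alamofire.git",
            "state": {"revision": "78424be314842833c04adc3bd1a51a8ee6d5e4e6",
                      "version": "5.6.4"},
        },
        {
            "identity": "swift-log",
            "kind": "remoteSourceControl",
            "location": "git@github.com:apple/swift-log.git",
            "state": {"branch": "main",
                      "revision": "0d5d7a3b4c6f0c9e2a2d1e3f4a5b6c7d8e9f0a1b"},
        },
    ],
    "version": 2,
})


def split_repo_url(location: str):
    """Reduce a git remote to (namespace segments, repo name).

    Accepts https://host/owner/repo(.git), user:token@host forms and the
    scp-like git@host:owner/repo.git form. Namespace is host plus every
    path segment before the repository, which is what the swift purl
    type uses as its namespace.
    """
    loc = location.strip()
    loc = re.sub(r"^[a-z][a-z0-9+.-]*://", "", loc)           # drop scheme
    loc = re.sub(r"^[^@/]+@", "", loc)                          # drop user[:token]@
    loc = re.sub(r"^([^/:]+):(?=[^0-9/])", r"\1/", loc)         # git@host:owner -> host/owner
    loc = re.sub(r"(\.git)?/?$", "", loc)                       # drop .git and trailing slash
    parts = [p for p in loc.split("/") if p]
    if len(parts) < 3:
        raise ValueError(f"cannot derive host/owner/repo from {location!r}")
    return parts[:-1], parts[-1]


def swift_purl(location: str, version: str) -> str:
    """Package URL for a Swift PM dependency; each segment is percent-encoded per the purl spec."""
    namespace, name = split_repo_url(location)
    ns = "/".join(quote(seg, safe="") for seg in namespace)
    return f"pkg:swift/{ns}/{quote(name, safe='')}@{quote(version, safe='')}"


def _pins(resolved: dict):
    """Yield (location, version or None, revision) for both Package.resolved layouts."""
    if resolved.get("version") == 1:
        for pin in resolved["object"]["pins"]:
            yield pin["repositoryURL"], pin["state"].get("version"), pin["state"].get("revision")
    else:  # version 2 and 3 share the flat "pins" layout
        for pin in resolved["pins"]:
            yield pin["location"], pin["state"].get("version"), pin["state"].get("revision")


def package_resolved_to_cyclonedx(resolved_text: str) -> dict:
    """Return a CycloneDX 1.4 BOM (as a dict) describing every pinned dependency."""
    components = []
    for location, version, revision in _pins(json.loads(resolved_text)):
        namespace, name = split_repo_url(location)
        # A branch pin carries no release version. Record the commit so the
        # component is still in the inventory, but flag it: advisory data is
        # keyed on release versions, so such a purl will rarely match anything.
        effective_version = version or revision
        component = {
            "type": "library",
            "group": "/".join(namespace),
            "name": name,
            "version": effective_version,
            "purl": swift_purl(location, effective_version),
            "externalReferences": [{"type": "vcs", "url": location}],
        }
        if not version:  # hypothetical property name, used only as a marker here
            component["properties"] = [{"name": "swiftpm:pinnedRevisionOnly", "value": "true"}]
        components.append(component)
    return {"bomFormat": "CycloneDX", "specVersion": "1.4", "version": 1,
            "components": components}


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_PACKAGE_RESOLVED
    print(json.dumps(package_resolved_to_cyclonedx(text), indent=2))
```

Run it as `python swiftpm_sbom.py Package.resolved > bom.json` and upload the result through the normal BOM import. The same rule applies to components added by hand in the UI: the name, group and version alone give an inventory entry, but the purl is the field that lets the analyzers find advisories, so it is worth filling in even for manual entries.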