Gijs Calis

Note: The 'Detect schema changes / Label changes' failed, but should pass on re-run of the job.

@kzantow, @willmurphyscode : I realise this is quite a large PR, but it also makes significant improvements. Without these improvements syft does not work well enough, especially on Spring Framework...

BTW, this is my first attempt at programming in Go. So I'm certainly open to (and prepared for :-) feedback.

I've considered this while building #2669, but: 1. Using `mvn help:effective-pom` to generate an effective-pom.xml allows us to re-use the existing pom parsing code. Otherwise additional parsing of the `mvn...

At least for cyclonedx-json SBOM's quite a lot of java packages without versions are being included in the output file. Is that a bug in the java cataloger?

> I would love to have this PR merged, but can totally understand that syft currently doesnt have the triggering of external tools. But this would also help to better...

@kzantow: of course not. I'm glad you're working on this :-) While designing this, I searched for a generic caching facility and could not find it. That's why I opted...