
Investigate if it is possible to use the osv-scanner as replacement for cdxgen in flawfind

Open timbastin opened this issue 1 year ago • 0 comments

I am considering the possibility of utilizing the osv-scanner as a replacement for cdxgen within Flawfind. The rationale behind this exploration stems from several factors:

  1. Size Efficiency: osv-scanner is notably smaller compared to cdxgen, potentially resulting in a more lightweight and streamlined integration.
  2. Process Integration: Using osv-scanner could eliminate the necessity to execute a separate command, allowing for all processes to be contained within the same Go process. This could enhance efficiency and simplify the overall architecture.
  3. Investigate SBOM Generation: However, it is imperative to investigate whether osv-scanner supports the generation of Software Bills of Materials (SBOMs) from both containers and host systems. This aspect requires thorough exploration to ascertain compatibility and functionality.

timbastin, Apr 04 '24 08:04