component-detection
Add CycloneDX output
It would be great if this tool could output a software bill of materials in CycloneDX format: https://cyclonedx.org/
There's a mature .NET library that can handle a lot of the heavy lifting. I'd be happy to help make that happen if it's a contribution you'd accept.
Thanks for opening the issue. Our team is winding down for the holidays right now, so I don't expect we'll get back to this until January. We'll be starting up open community meetings then, and I think this would be a good first topic to discuss there.
In the meantime, can you share a link to the .NET library and any documentation you think would be useful? That way I can read up ahead of time, and get a better sense of what's involved.
Hi @JamieMagee, the repo for the library is here: https://github.com/CycloneDX/cyclonedx-dotnet-library. The documentation is over here: https://cyclonedx.github.io/cyclonedx-dotnet-library/.
Hope you and the team have a good break!
And examples of output, in JSON and XML, for different use cases are here: https://cyclonedx.org/use-cases/
FYI I’m currently in the process of making some changes to the above library for support of CycloneDX v1.4. I’ve also been doing some work on an interop library for SPDX format. So I should be able to trivially add SPDX output once the initial work is done. https://spdx.dev/