
Security assessment of the SBOM #2256

@samiralavi

Description

Is your feature request related to a problem? Please describe.
In recent years, many countries have required cybersecurity assessments for device manufacturers. If someone wants to use OpenMQTTGateway in ESP-based devices, they need to understand the vulnerabilities in the project dependencies, track them over the lifetime of their devices, and provide remote updates to address those vulnerabilities.

Describe the solution you'd like
I would like to see the SBOM analysis report as part of the CI/CD workflow for OpenMQTTGateway. The report can be publicly available or provided to people with a subscription to a mailing list. So every time a new release is created, the security report gets generated, and in the future, when vulnerabilities are found in a former release, they get notified to figure out a solution.

Describe alternatives you've considered
There are some cybersecurity tools in the market for this, but they are very expensive, and they don't justify their usage for open source projects.

Additional context
I am developing an open-source solution to provide an SBOM security report specifically for ESP-based projects, and I would like to know whether people are interested in such a feature and ask for your opinion to design the first version, which can be integrated into OpenMQTTGateway.
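An added sketch of the per-release SBOM check described above (example code, not OpenMQTTGateway's or the author's tool): it reads a CycloneDX-style SBOM for a tagged release, matches its components against a vulnerability feed, and returns the findings that a CI job would publish or mail out; the library names, versions and vulnerability ids are constructed placeholders.

```python
"""Per-release SBOM vulnerability check (added example, not project code)."""
import json

# Constructed sample SBOM in CycloneDX JSON shape; names, versions and purls
# are placeholders standing in for the PlatformIO libraries an ESP build pulls in.
SBOM_JSON = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "metadata": {"component": {"name": "firmware", "version": "v1.0.0"}},
    "components": [
        {"name": "mqtt-lib", "version": "2.3.1", "purl": "pkg:platformio/mqtt-lib@2.3.1"},
        {"name": "json-lib", "version": "6.19.4", "purl": "pkg:platformio/json-lib@6.19.4"},
        {"name": "ble-lib", "version": "1.3.0", "purl": "pkg:platformio/ble-lib@1.3.0"},
    ],
})

# Constructed vulnerability feed; the ids are placeholders, not real CVEs.
# In CI this would be fetched from a vulnerability database at run time.
VULN_FEED = [
    {"id": "EXAMPLE-0001", "name": "mqtt-lib", "fixed_in": "2.4.0", "severity": "high"},
    {"id": "EXAMPLE-0002", "name": "json-lib", "fixed_in": "6.19.4", "severity": "medium"},
]


def parse_version(version):
    """Turn 'v2.3.1' / '2.3.1' into a comparable tuple of ints."""
    return tuple(int(part) for part in version.lstrip("v").split("."))


def load_components(sbom_json):
    """Return (release tag, {component name: version}) from the SBOM."""
    doc = json.loads(sbom_json)
    release = doc["metadata"]["component"]["version"]
    return release, {c["name"]: c["version"] for c in doc["components"]}


def find_vulnerable(components, feed):
    """Flag every component whose installed version is older than the fix."""
    findings = []
    for vuln in feed:
        installed = components.get(vuln["name"])
        if installed and parse_version(installed) < parse_version(vuln["fixed_in"]):
            findings.append({"id": vuln["id"], "component": vuln["name"],
                             "installed": installed, "fixed_in": vuln["fixed_in"],
                             "severity": vuln["severity"]})
    return findings


def build_report(sbom_json, feed):
    """Report for one release; re-run against stored SBOMs when the feed changes."""
    release, components = load_components(sbom_json)
    return {"release": release, "findings": find_vulnerable(components, feed)}


if __name__ == "__main__":
    print(json.dumps(build_report(SBOM_JSON, VULN_FEED), indent=2))
```

Keeping the SBOM per release tag means the same check can be re-run later against older releases, which is what lets subscribers be told when a formerly clean release becomes affected.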
