Support for multiple bom files generation

cdxgen could support generating multiple BOM files for a given project. We can support few styles of splitting and implement it as a [postgen](https://github.com/CycloneDX/cdxgen/blob/master/lib/stages/postgen/postgen.js) step.

Having such more granular representation for the ingredients of a digital product would help tiny ML models (~ 1M tokens) and tools like depscan v7, understand the composition layers better for deeper analysis. It would be super cool to have dependency-track support multiple bom file uploads per project too.

## Splitting strategies

- By BOM type (OBOM, SaaSBOM, CBOM)
- By purl package type
- By lifecycle [phase](https://cyclonedx.org/docs/1.6/json/#metadata_lifecycles_items_oneOf_i0_phase)
- By analysis [technique](https://cyclonedx.org/docs/1.6/json/#components_items_evidence_identity_oneOf_i0_items_methods_items_technique)

We then need the following things:

- `--out-dir` argument to accept a directory, since the current output argument is a file.
- A naming strategy for the generated files, since the current default is `bom.json`.
- An index sbom file to link all generated bom files using [externalReferences](https://cyclonedx.org/docs/1.6/json/#externalReferences_items_type).
- Enhance the automatic [composition](https://cyclonedx.org/docs/1.6/json/#compositions_items_aggregate) logic to indicate that each bom file is  `incomplete`.


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Support for multiple bom files generation #1466

Splitting strategies

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Support for multiple bom files generation #1466

Description

Splitting strategies

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions