Provide support for CycloneDX SBOM

[VinodAnandan]

OWASP CycloneDX is a lightweight Software Bill of Materials (SBOM) standard designed to use in the application security contexts and supply chain component analysis. CycloneDX is an OWASP flagship project ( owasp.org/www-project-cyclonedx ). The Open Web Application Security Project is a non-profit foundation that works to improve the security of software.

CycloneDX is already supported by many security vendors and projects ( cyclonedx.org/about/supporters ). It is also recommended in the Technology Radar Volume 26 ( thoughtworks.com/radar/platforms?blipid=202203034 )

Related links:

https://github.com/CycloneDX/cyclonedx-go

[G-Rath]

As I said on Slack, I've been thinking about this myself so your timing is perfect.

Would you happen to have some examples I could use for fixtures? Ideally some with Ruby gems and npm based packages would be great, but the more and the weird the better!