Make cyclonedx-maven-plugin work together with frontend-maven-plugin

[sbernard31]

I use cyclonedx-maven-plugin to generate SBOM for my multi-module maven project.

Some of my maven module contains a jetty server + a frontend managed with npm, the frontend-build process is execute during the maven build thanks to frontend-maven-plugin.

The frontend build also generate sbom thanks to cyclonedx-node-npm. I'm able to generate this frontend SBOM in corresponding maven${project.build.directory}.

So now ideally, I would like that this bom can be taking into account by cyclonedx-maven-plugin.
Maybe by aggregate it to sbom of the corresponding maven module ?

1. Do you think this could be in the scope of this project ?
2. Do you think this make sense to aggregate the frontend SBOM with the maven SBOM when using makeBom goal ? or should it be 2 seperated BOM ?
3. Do you think this make sense to aggregate the SBOM with makeAggregateBom goal ?
4. Or do you see better way to make this works together ?

I think this is related to : #395

If you want to include this in cyclonedx-maven-plugin I can help. Let me know 🙏