Open Frozen-byte opened 1 month ago
I want to implement this feature.
My plan is to add checking for copyright evidence to the collectEvidence option.
Any legal stuff I need to know for attaching proper evidence?
I would scan LICENSE- and NOTICE-like files for a line that starts with "copyright" and add this line as evidence.
Some smart filtering that will exclude false positives from, e.g., Apache 2.0 licenses that include lines starting with "copyright".
I do not know if it's necessary to check every file, sometimes binaries/sources also have a copyright included as a header.
> I want to implement this feature.
I've assigned the ticket to you and flagged it as "need help" to signal that others are welcome to participate and discuss.
> Any legal stuff I need to know for attaching proper evidence?

Basically nothing. I'd suggest connecting with other peers from the CycloneDX community and discussing expectations and requirements.
I would expect this feature to be discussed on a broader basis, not webpack-only, and implemented dedicated to webpack, then. You may go with a minimal-viable-product approach at first, and follow with improvements via additional pull requests later.
Please join the community slack (invite) to find others and experts in the field.
Is your feature request related to a problem? Please describe.
For legal documentation, I need the copyright holder for components.
Describe the solution you'd like
An option to enable integration of the copyright holder
Additional context
from discussion https://github.com/CycloneDX/cyclonedx-webpack-plugin/pull/1309#discussion_r1786169514
For this feature it is necessary to scan the license text for a copyright notice. This is already done by the license-scanner written in Go and may come in handy while implementing.
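
A sketch of the scan discussed in this thread, as an added example that is not code from cyclonedx-webpack-plugin or the Go license-scanner. The function names, the deny-list patterns and the sample lines are assumptions made for illustration; the output follows the CycloneDX `evidence.copyright` shape (objects with a `text` field).

```javascript
// Added example; all names here are hypothetical, not the plugin's API.
const MAX_LINE = 300; // license files are third-party input: skip absurdly long lines

// Lines that begin with "copyright" in license bodies but are not notices
// (assumed, non-exhaustive list).
const NOT_A_NOTICE = [
  /^copyright\s+(?:license|notice|holder|owner|law|statement)s?\b/i, // grant/condition wording
  /\[yyyy\]|\[name of copyright owner\]|<year>|<copyright holders?>/i, // unfilled templates
];

function extractCopyrightNotices(text) {
  const found = new Set(); // de-duplicate notices repeated across LICENSE and NOTICE
  for (const raw of text.split(/\r?\n/)) {
    if (raw.length > MAX_LINE) continue;
    // Drop indentation and comment leaders such as " * ", "# ", "// ".
    const line = raw.replace(/^[\s#*/-]+/, '').trim();
    if (!/^copyright\b/i.test(line)) continue;
    if (NOT_A_NOTICE.some((re) => re.test(line))) continue;
    found.add(line);
  }
  return [...found];
}

// Shape of the CycloneDX `evidence.copyright` array: objects with a `text` field.
function toCopyrightEvidence(notices) {
  return { copyright: notices.map((text) => ({ text })) };
}

// Constructed sample: lines modelled on MIT, Apache-2.0 and ISC license files.
const SAMPLE = [
  'Copyright (c) 2014-present Example Author <author@example.com>',
  '      copyright license to reproduce, prepare Derivative Works of,',
  '   Copyright [yyyy] [name of copyright owner]',
  ' * Copyright 2019 Example Corp.',
  'copyright notice and this permission notice appear in all copies.',
  'Copyright (c) 2014-present Example Author <author@example.com>',
].join('\n');

console.log(JSON.stringify(toCopyrightEvidence(extractCopyrightNotices(SAMPLE)), null, 2));
```

The deny-list only covers wording seen in the sample; other license texts need their own entries, which is where an existing scanner's corpus helps.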