Improve SBOM in future releases for laptops

[macpijan]

The problem you're addressing (if any)

The SBOM information is limited to coreobot / edk2 revisions

Describe the solution you'd like

For some platforms, the SBOM information we provide is more extensive Such as: https://docs.dasharo.com/variants/protectli_vp46xx/releases/#v120-2024-03-25

Where is the value to a user, and who might that user be?

No response

Describe alternatives you've considered

No response

Additional context

No response

[BeataZdunczyk]

@macpijan We are already addressing this as part of https://github.com/Dasharo/dasharo-issues/issues/955

Feature request: We provided links to all components' licenses at some point. I think that information should be included in SBOM's release notes. It has already happened a couple of times when someone asked about licenses for all components included. Maybe Opness Score should also account for that somehow.

[pietrushnic]

We should publish SBOMs in the Dasharo SBOM release section; those SBOMs should comply with the state of the art in a given project. The key question is how hard it would be to introduce that:

• SBOM coreboot
• SBOM edk2

Maybe we should have a label for SBOM since we have more issues directly or indirectly related:

• https://github.com/Dasharo/dasharo-issues/issues/129
• https://github.com/Dasharo/dasharo-issues/issues/568
• https://github.com/Dasharo/dasharo-issues/issues/955

[krystian-hebel]

Not limited to laptops, but otherwise fits this issue: AFAICT none of the SBOMs list edk2-platforms, even though it is used by most of the platforms supported by Dasharo.

[mkopec]

Tried to make some improvements for the upcoming release: