Open arkajnag23 opened 3 months ago
Hi @arkajnag23,
Could you help us understand this problem a little bit more specifically? The JSON you included isn't enough information for me to understand what the problem is. Which fields are being duplicated?
My recommendation is to scan a publicly available Docker image (so you don't have any confidentiality concerns on posting it) and attach a cyclonedx-json output to this issue, and discuss what information is duplicated in order to illustrate the problem.
What would you like to be added: Remove duplicates in cyclonedx-json format when same bom-ref
Why is this needed: As we plan to report the JSON file to governance for EU and US audit, having duplicate records feels wrong. I understand that when determining the bom-ref, we are adding a package-id for making it unique for a library, but can't we remove that and add it within the properties, with multiple JSON objects showing the source of the package?
Additional context: