Deterministic sbom file

[MartinWitt]

Is your feature request related to a problem? Please describe.

We are examining the output of several SBOM producers. We noticed that the cyclonedx json file changes between different runs for the same project with build info go. The ideal behavior is deterministic.

Describe the solution you'd like to see

You might sort the lists in your json before writing them as json files. Any stable sorting will do.

[monperrus]

@yahavi WDYT? Thanks a lot!

[eyalbe4]

@MartinWitt, Thank you for the feedback! We definitely want to see this done. In case you'd like to contribute this fix through a pull request, this will help us get this out as quickly as possible.