Feature: The option to generate a Cryptography Bill of Materials (CBOM) using the maven plugin

[Pentaguin]

According to the CycloneDX cdxgen documentation. it is possible to generate a CBOM using these commands:

cbom -t java
cdxgen -t java --include-crypto -o bom.json .

Unfortunately, the current plugin does not support it.

Is it possible to add another value to generate CBOM to the list:

<plugins>
    <plugin>
        <groupId>org.cyclonedx</groupId>
        <artifactId>cyclonedx-maven-plugin</artifactId>
        <configuration>
            <projectType>library</projectType>
            <schemaVersion>1.6</schemaVersion>
            <includeBomSerialNumber>true</includeBomSerialNumber>
            <includeCompileScope>true</includeCompileScope>
            <includeProvidedScope>true</includeProvidedScope>
            <includeRuntimeScope>true</includeRuntimeScope>
            <includeSystemScope>true</includeSystemScope>
            <includeTestScope>false</includeTestScope>
            <includeLicenseText>false</includeLicenseText>
            <outputReactorProjects>true</outputReactorProjects>
            <outputFormat>all</outputFormat>
            <outputName>bom</outputName>
            <outputDirectory>${project.build.directory}</outputDirectory><!-- usually target, if not redefined in pom.xml -->
            <verbose>false</verbose><!-- = ${cyclonedx.verbose} -->
        </configuration>
    </plugin>
</plugins> 

[hboutemy]

I imagine that generating a CBOM is more than "adding another value": can you explain a little bit what you expect in a Maven build when you ask for "CBOM"?

notice: I don't know what the cbom nor the cdxgen commands do when invoked with -t java and how it relates to cyclonedx-maven-plugin (or not)