Is your feature request related to a problem? Please describe.
Mostly, an auto-generated SBOM can only be as good as the metadata provided by the project / packages. As such it might be unfair to compare tools solely based on their SBOM quality scores as they're not necessarily being run on the same packages.
Describe the solution you'd like
For a given project / package, it should be possible to list all the SBOMs and their scores for the respective tools. That way one can quickly see which tool is providing the best SBOM for a given fixed input.
Describe alternatives you've considered
Another way to emphasize that a plain quality-score-based comparison might be unfair would be to clearly show for each tool which package managers / build systems / ecosystems it supports. Users might prefer a single slightly "worse" polyglot tool over multiple "better" specialized tools for usage simplicity.
Additional context
Looking at https://sbombenchmark.dev/, it currently seems like "som4python" would be the best overall tool, but as the name suggests it's for Python projects only, and from a user perspective it makes little sense to directly compare this to container-only tools like "Syft".
Hey @sschuberth, sorry I dropped the ball on this one and we are in the middle of some key releases. Let me get back to you in two weeks on this issue. Thanks for your patience.