Add support for dependency graph

[serbanrobu]

Resolves: #14

[sonatype-lift]

compiler-message: error: called is_some() after searching an Iterator with find
--> cargo-cyclonedx/src/generator.rs:174:18
|
174 | .find(|d| d.matches_id(p.package_id()))
| ^
175 | | .is_some()
| |________^ help: use any() instead: any(|d| d.matches_id(p.package_id()))
|
note: the lint level is defined here
--> cargo-cyclonedx/src/lib.rs:19:9
|
19 | #![deny(clippy::all)]
| ^^^^^^^^^^^
= note: #[deny(clippy::search_is_some)] implied by #[deny(clippy::all)]
= help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#search_is_some

---

ℹ️ Learn about @sonatype-lift commands

You can reply with the following commands. For example, reply with @sonatype-lift ignoreall to leave out all findings.

Command	Usage
@sonatype-lift ignore	Leave out the above finding from this PR
@sonatype-lift ignoreall	Leave out all the existing findings from this PR
@sonatype-lift exclude <file|issue|path|tool>	Exclude specified file|issue|path|tool from Lift findings by updating your config.toml file

Note: When talking to LiftBot, you need to refresh the page to see its response.
_{Click here to add LiftBot to another repo.}

---

Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]

[erik-moqvist]

Any update on this PR? I'm also interested in having a dependency graph in the SBOM.

[lfrancke]

Yes, this will be worked on in the next few weeks.
I reached out to the author of this PR as well.

We're not allowed to talk about it yet but will have an announcement in the week of Oct 16 on the future of this project.
I would ask for just a tiny bit more patience.

[lfrancke]

See #504 for an updated version of this PR.
I will close this for now. If anyone objects let me know.