add main component information for trivy generated sbom

The sbom generated by syft ends up having this additional main component information in the annotations

```
 "annotations": {
          "chainloop.material.cas": true,
          "chainloop.material.name": "sbom",
          "chainloop.material.sbom.main_component.name": "ghcr.io/chainloop-dev/chainloop/cli",
          "chainloop.material.sbom.main_component.type": "container",
          "chainloop.material.sbom.main_component.version": "sha256:bbfd27fcdb15c8082951dc59be2310a2a2e6b95e11002f8411e5918887faa607",
          "chainloop.material.type": "SBOM_CYCLONEDX_JSON",
          "environment": "prod"
        },
      },
```

The material based on a trivy generated SBOM does not

```
"annotations": {
          "chainloop.material.cas": true,
          "chainloop.material.name": "sbom-trivy",
          "chainloop.material.type": "SBOM_CYCLONEDX_JSON"
        },
```



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

add main component information for trivy generated sbom #1988

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

add main component information for trivy generated sbom #1988

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions