Feature request: Add option to enable SBOM license collection (--collect-licenses for inspector-sbomgen)

[Michael-Noma]

We’re using the Inspector action to generate a CycloneDX SBOM and gate builds on allowed licenses. Today the SBOM produced by the action contains components but no license metadata

Amazon Inspector SBOM Generator supports license collection via the --collect-licenses flag, which enriches the SBOM with SPDX license IDs. However, the action doesn’t expose a way to turn this on. As of v1.4.1, I don’t see an input to pass this flag and the invocation doesn’t include it.

[bluesentinelsec]

Hello @Michael-Noma, thank you for the feedback.
Adding license collection seems like a great addition!
I'll triage this feature as early as next week to assess level of effort and feature scope.
I'll report back after we have a handle on the feature.