paketo-buildpacks / npm-start

Investigate generating an SBOM with this buildpack

fg-j opened this issue · comments

The sbom package in packit enables buildpack authors to easily generate SBOM content from the contents of an app directory. Now that this tooling exists, it's worth exploring whether this buildpack would provide value to users if it generated an SBOM.

Since this buildpack does not own/create a layer of its own, any SBOM the buildpack generates would be added to the launch SBOM.

Some initial questions to consider:

  • What use cases exist where an SBOM generated at this stage of the build would be valuable?
  • What performance penalties come with generating an SBOM in this buildpack?
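As an added illustration of what "SBOM content from the contents of an app directory" means for a Node app, here is a small Go program that reads a package-lock.json and emits a minimal CycloneDX-style component list. This is not the buildpack's code and not packit's sbom package (which runs a full scanner over the directory); the struct names, the `GenerateSBOM` function and the embedded lockfile are constructed for this example. Dev-only dependencies are skipped by default, since they are not part of what the launch image runs.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// lockfile mirrors the parts of an npm package-lock.json (lockfileVersion 2/3)
// that matter for an inventory: the "packages" map keyed by install path.
type lockfile struct {
	Name     string `json:"name"`
	Version  string `json:"version"`
	Packages map[string]struct {
		Version string `json:"version"`
		Dev     bool   `json:"dev"`
	} `json:"packages"`
}

// Component is one inventory entry, shaped after a CycloneDX component.
type Component struct {
	Type    string `json:"type"`
	Name    string `json:"name"`
	Version string `json:"version"`
	PURL    string `json:"purl"`
}

// SBOM is a minimal CycloneDX-like document (only the fields used here).
type SBOM struct {
	BOMFormat   string      `json:"bomFormat"`
	SpecVersion string      `json:"specVersion"`
	Components  []Component `json:"components"`
}

// npmPURL builds a package URL for an npm package; the purl spec wants the
// "@" of a scoped name percent-encoded, so "@scope/x" becomes "%40scope/x".
func npmPURL(name, version string) string {
	return "pkg:npm/" + strings.ReplaceAll(name, "@", "%40") + "@" + version
}

// packageNameFromPath turns a "packages" key such as
// "node_modules/a/node_modules/@scope/b" into the package name "@scope/b".
func packageNameFromPath(path string) string {
	const marker = "node_modules/"
	if i := strings.LastIndex(path, marker); i >= 0 {
		return path[i+len(marker):]
	}
	return ""
}

// GenerateSBOM inventories the dependencies recorded in a package-lock.json.
// With includeDev=false, dev-only packages are left out, matching what a
// production install actually places in the app directory.
func GenerateSBOM(lockJSON []byte, includeDev bool) (SBOM, error) {
	var lock lockfile
	if err := json.Unmarshal(lockJSON, &lock); err != nil {
		return SBOM{}, fmt.Errorf("parsing package-lock.json: %w", err)
	}
	bom := SBOM{BOMFormat: "CycloneDX", SpecVersion: "1.4"}
	for path, pkg := range lock.Packages {
		if path == "" { // the "" key is the root project, not a dependency
			continue
		}
		if pkg.Dev && !includeDev {
			continue
		}
		name := packageNameFromPath(path)
		if name == "" || pkg.Version == "" {
			continue
		}
		bom.Components = append(bom.Components, Component{
			Type: "library", Name: name, Version: pkg.Version, PURL: npmPURL(name, pkg.Version),
		})
	}
	// Deterministic ordering so two builds of the same tree produce the same SBOM.
	sort.Slice(bom.Components, func(i, j int) bool {
		if bom.Components[i].Name != bom.Components[j].Name {
			return bom.Components[i].Name < bom.Components[j].Name
		}
		return bom.Components[i].Version < bom.Components[j].Version
	})
	return bom, nil
}

// sampleLock is a constructed lockfile used as offline input for this example.
const sampleLock = `{
  "name": "example-app",
  "version": "1.0.0",
  "lockfileVersion": 3,
  "packages": {
    "": {"name": "example-app", "version": "1.0.0"},
    "node_modules/express": {"version": "4.18.2"},
    "node_modules/@scope/util": {"version": "2.0.1"},
    "node_modules/express/node_modules/debug": {"version": "2.6.9"},
    "node_modules/jest": {"version": "29.7.0", "dev": true}
  }
}`

func main() {
	bom, err := GenerateSBOM([]byte(sampleLock), false)
	if err != nil {
		panic(err)
	}
	out, _ := json.MarshalIndent(bom, "", "  ")
	fmt.Println(string(out))
}
```

In a real buildpack the resulting document would be attached to the launch SBOM rather than printed; the point of the example is only to show what such an inventory contains for an npm app and why the dev/production distinction matters for its accuracy.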

Not needed. See similar issue paketo-buildpacks/yarn-start#170