What would you like to be added:

Ensure that all SBOMs produced by Syft cover the NTIA's Minimum Elements For a Software Bill of Materials (SBOM).

Direct link to PDF: https://www.ntia.doc.gov/files/ntia/publications/sbom_minimum_elements_report.pdf

Why is this needed:

This set of minimum elements is an official recommendation to organizations producing SBOMs for the software they produce and consume. We should be sure that, when the need for this support is present, Syft is a great choice for users to produce complaint SBOMs.

Additional context:

It may be that Syft already does provide support for this. The goal of this ticket is to ensure that Syft does support these minimum elements, and once confirmed, advertise this information about Syft publicly, including on Syft's README.

Related Work

• Using replace in a go.mod creates a SPDX package without versionInfo (Non-NTIA compliant) #2038 (bad name, missing version)
• Scanning a folder with a jar archive with no metadata creates a SPDX package without versionInfo (Non-NTIA compliant) #2039 (missing version)