[bug] cyclonedx sbom generation should offer an option to exclude "test" dependencies

[sbouchexbellomie-Philips]

Describe the bug

Conan version 2.12.1 on linux

How to reproduce it

I have some dependencies that are declared as test requirements (like gtest for example).

When I generate the sbom, they appear in the json file, they should not.

[memsharded]

Hi @sbouchexbellomie-Philips

Thanks for your feedback.

Do you refer to the new from conan.tools.sbom functionality?
This wouldn't be a bug, but a feature request, labeling as such. Actually, it is a good point, maybe the default should be to exclude the test-requires and use only the "host" requires for the sboms, and have the others as opt-ins.

Some considerations for @ErniGH :

• the opt-ins/outs could be arguments to cyclonedx_1_4(..., add_tests=True), or maybe they should be confs to the tool?
• If confs, how to make them flexible to not have to define a ton of new built-in confs?

[sbouchexbellomie-Philips]

@memsharded Exactly, I'm using this experimental feature to generate the sbom and right now, I have to use yq to manually cleanup the file.
Having the opt-ins option would be perfect for me as it can be triggered at runtime.

[ErniGH]

Hello, @sbouchexbellomie-Philips thank you very much for your issue. We hope it gets resolved by #17695 . 😄