Is your feature request related to a problem? Please describe.
As part of the Cyber Resilience Act we are required to add SBOM to all of our projects. We make extensive use of CI pipelines for analysis and deployments. For every repository we need to add and maintain cyclonedx-node-yarn as an additional dev-dependency.
Describe the solution you'd like
Similar to cyclonedx-node-npm we would like cyclonedx-node-yarn to support external manifests:
This would enable this project to be used as a Docker container, which can easily be added to every CI pipeline and maintained centrally, instead of per-project.
Additionally, in mono-repositories the dependency would have to be added to every single sub-project currently.
Describe alternatives you've considered
Wrapping up the current version into a Docker container, which does not help, as it only works on the current project.
@buffcode ,
feel free to pull request the needed changes.
(you probably will find out that this feature requires not much change, as it is basically built in already :-))
Additionally, in mono-repositories the dependency would have to be added to every single sub-project currently.
Not that I am aware of. yarn workspaces foreach ... worked well when the plugin was imported in the root space.
Yeah, that's correct when workspaces are in use. For internal reasons we have some directory trees that aren't workspaces but can optionally be installed via yarn (usually bigger libraries/projects that require build tools, aren't used often, etc.).