This would require the output value to support a Stringer interface. in case the name is not - and the value kind is struct, we might end up in a weird spot here.

I added a check for the type of value.

We should move this up to line 65 instead. Having the field.CanInterface() check is important to avoid potential panics during reflection.

I added canInterface check for field.

I believe we should explicitly handle groupId/artifactId the way it is specified in the CDX spec - i.e. using the structured group and name field of a component. https://cyclonedx.org/docs/1.4/json/#components_items_name rather than a property.

We can also take a look at the reference CycloneDX maven implementation for reference on how it handles these fields - https://github.com/CycloneDX/cyclonedx-maven-plugin/blob/684b4d59012396e8548faa4d8460bc49c2af79f9/src/main/java/org/cyclonedx/maven/BaseCycloneDxMojo.java#L436-L439

cc: @stevespringett who will know more.

I think the lower level support of structs can be feasible for the future.
At the moment the group is missing and putting it into the CDX properties don't cause any issues.
For example, there is a type and language in the properties that can be easily extracted from the PURL.
But it would be great to put groupID to the group filed

@samj1912 I added group filed with groupID in the case of java. I think the grouID and artifactID still can be a part of the properties. WDYT?

The group field in CycloneDX is intended to be a drop-in for Maven groupId and NPM scope names. The CycloneDX implementations for Maven, Gradle, Webpack, and NodeJS all use the group field.

See also https://cyclonedx.org/docs/1.4/json/#components_items_group

@stevespringett Thanks for your explanation. So filling the group filed with groupID is OK.