Bug
For dockerized NodeJS projects, the dependency trees info does not contain npm dependencies (SBOM "dependencies" section), the same doesn't occur for non-dockerized NodeJS projects.
Reproducible steps
Using the publicly available image from rocket.chat as example
docker pull rocket.chat
docker save -o rocket.tar rocket.chat
cdxgen rocket.tar -o rocket-sbom.json
Not sure if the same is happening for other stacks