I'd be great if generated SBOMs were reproducible as per https://reproducible-builds.org/

This would require that:

• generated files should have a deterministic order i.e, dependencies sorted by a given rule.
• timestamp supplied as an input. Keep current behavior if no input is given.