Unable to create SBOM when output directory structure doesn't exist

Description

Current Behavior: When the analyzer generates SBOMs and attempts to write them to a path relative to the specified artifact directory, it fails if the intermediate directories don't exist.

For example, with the following structure:

src/
  dirA/
    dirA.1/
      package-lock.json
artifacts/
  .gitkeep

When ANALYZER_ARTIFACT_DIR is set to ./artifacts, the analyzer fails to write to artifacts/src/dirA/dirA.1/gl-sbom-npm-npm.cdx.json because the directory structure doesn't exist.

Expected Behavior: The analyzer should:

  1. Create any necessary intermediate directories automatically
  2. Only fail if it's unable to create the required directories
  3. Successfully write the SBOM file to the intended location

Impact: This issue prevents the successful generation of SBOMs for projects with nested directory structures when using a custom artifact directory.

Workaround: You can work around this by creating the necessary directories before the analyzer runs.

Implementation plan

  1. Update the cyclonedx/convert.go file to use os.MkdirAll before writing the artifact to the file system.
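A sketch of the behavior the plan describes, as an added example rather than the analyzer's own code. The function name writeSBOM, its parameters, the file modes and the check that the joined path stays inside the artifact directory are assumptions made for illustration.

```go
// Added example; writeSBOM and its parameters are hypothetical names,
// not the analyzer's actual code in cyclonedx/convert.go.
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// writeSBOM writes data to artifactDir/relPath, creating any missing
// intermediate directories first. It fails only when the target would fall
// outside artifactDir, a directory cannot be created, or the write fails.
func writeSBOM(artifactDir, relPath string, data []byte) (string, error) {
	base, err := filepath.Abs(artifactDir)
	if err != nil {
		return "", fmt.Errorf("resolving artifact dir: %w", err)
	}
	target := filepath.Join(base, relPath)
	// Join cleans ".." segments; refuse a result that is not below base.
	rel, err := filepath.Rel(base, target)
	if err != nil || rel == "." || rel == ".." || strings.HasPrefix(rel, ".."+string(os.PathSeparator)) {
		return "", fmt.Errorf("SBOM path %q is not inside artifact dir %q", relPath, base)
	}
	// Modes 0o755 and 0o644 are assumed defaults for this example.
	if err := os.MkdirAll(filepath.Dir(target), 0o755); err != nil {
		return "", fmt.Errorf("creating SBOM directory: %w", err)
	}
	if err := os.WriteFile(target, data, 0o644); err != nil {
		return "", fmt.Errorf("writing SBOM: %w", err)
	}
	return target, nil
}

func main() {
	dir, err := os.MkdirTemp("", "artifacts") // constructed stand-in for ./artifacts
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	path, err := writeSBOM(dir, "src/dirA/dirA.1/gl-sbom-npm-npm.cdx.json", []byte(`{"bomFormat":"CycloneDX"}`))
	fmt.Println(path, err)
}
```

The containment check is lexical only, so it does not account for symlinks that already exist inside the artifact directory.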

Description was generated using AI