Non-Compliant Custom UUID Generation in `generator.go`

[Jaydeep869]

Description

The custom generateUUID() implementation in pkg/generator/generator.go creates predictable, non standard IDs based purely on time.Now().UnixNano().
These IDs lack the proper version and variant bits defined in RFC 4122 (v4/v7). Because they are just padded nanosecond timestamps, they fail strict downstream SBOM schema validations that expect standard compliant UUIDs.

Expected Behavior

The SBOM generator should create valid RFC 4122 compliant UUIDs for the document ID.

Actual Behavior

The codebase generates pseudo random IDs using custom bit shifting logic that does not correctly conform to urn:uuid: standards.

Environment

• Codebase references: pkg/generator/generator.go around line 530.
• Standard affected: RFC 4122 (UUIDv4)

[Jaydeep869]

Hey @stupendoussuperpowers @absol27, I opened this issue after noticing that our current generateUUID() function is based on time.Now().UnixNano(), so it’s not fully following the RFC 4122 standard. This could cause problems with strict SBOM validation. I’m thinking of fixing it by replacing the custom logic with the github.com/google/uuid library. We can just use uuid.New().String() in createDocument to generate proper UUIDs instead of maintaining our own implementation.

Does this approach look good to you?