How to Generate and Manage SBOMs for .NET Apps in Docker

Asked By CodeNinja88 On

I'm currently working on a way to track the packages we use in our .NET applications, primarily for license compliance and to identify any vulnerabilities (CVE issues). So far, I've been successfully using CycloneDX for our .NET apps and cyclonedx-npm for our React applications. However, I'm now figuring out the best method for generating Software Bill of Materials (SBOM) for a .NET app that is deployed via Docker.

At the moment, I am creating two separate SBOMs: 1) A CycloneDX SBOM for the .NET application code that includes details about NuGet package versions, and 2) A Syft SBOM for the container image that captures all OS packages and other dependencies within the container.

I have a few questions: Should I merge these SBOMs into a single file, or is it better to maintain them as separate entries in Dependency-Track? Also, I've noticed that Syft has trouble accurately capturing the versions of NuGet packages, so relying solely on Syft's SBOM means I miss critical details about my .NET dependencies. Additionally, is there a more effective tool than Syft for managing SBOMs for .NET containers, or is there a way to improve Syft's scanning of the published app files? What strategies do others use for managing both application and container dependencies for .NET apps running in Docker?
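One way to handle the "merge or keep separate" question in practice is to treat the application-level SBOM as the authoritative source for NuGet versions and the image-level SBOM as authoritative for OS packages, then either merge them with that precedence or, if they stay separate in Dependency-Track, at least check the image SBOM for components that carry no version (those cannot be matched to CVE data). The script below is an added illustration, not code from the question or from the CycloneDX, Syft or Dependency-Track projects. It operates on two minimal CycloneDX JSON documents constructed inline (the package names, versions and image digest are invented), and the `example:sbom-origin` property name is this example's own convention, not a CycloneDX standard property.

```python
import json
from typing import Any, Dict, List

# Constructed sample: a minimal CycloneDX SBOM as produced from the .NET project
# (application layer). Package names and versions are illustrative only.
APP_SBOM: Dict[str, Any] = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "version": 1,
    "metadata": {"component": {"type": "application", "name": "orders-api", "version": "1.4.0"}},
    "components": [
        {"type": "library", "name": "Newtonsoft.Json", "version": "13.0.3",
         "purl": "pkg:nuget/Newtonsoft.Json@13.0.3"},
        {"type": "library", "name": "Serilog", "version": "3.1.1",
         "purl": "pkg:nuget/Serilog@3.1.1"},
    ],
}

# Constructed sample: an image-level SBOM (Syft-style CycloneDX output) that lists
# OS packages correctly but records a NuGet component without its version.
IMAGE_SBOM: Dict[str, Any] = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "version": 1,
    "metadata": {"component": {"type": "container", "name": "orders-api",
                               "version": "sha256:0000000000000000000000000000000000000000000000000000000000000000"}},
    "components": [
        {"type": "library", "name": "libssl3", "version": "3.0.13-1~deb12u1",
         "purl": "pkg:deb/debian/libssl3@3.0.13-1~deb12u1?arch=amd64&distro=debian-12"},
        {"type": "library", "name": "zlib1g", "version": "1:1.2.13.dfsg-1",
         "purl": "pkg:deb/debian/zlib1g@1:1.2.13.dfsg-1?arch=amd64&distro=debian-12"},
        {"type": "library", "name": "Newtonsoft.Json", "purl": "pkg:nuget/Newtonsoft.Json"},
    ],
}


def component_key(component: Dict[str, Any]) -> str:
    """Identity used for matching: the purl minus version and qualifiers, lowercased
    (NuGet package ids are case-insensitive). Falls back to the name if no purl."""
    purl = component.get("purl")
    if purl:
        return purl.split("?", 1)[0].split("@", 1)[0].lower()
    return "name:" + component["name"].lower()


def unversioned(bom: Dict[str, Any]) -> List[str]:
    """Names of components with no version; a coverage check for an image SBOM."""
    return [c["name"] for c in bom.get("components", []) if not c.get("version")]


def count_by_ecosystem(bom: Dict[str, Any]) -> Dict[str, int]:
    """Count components per purl type (nuget, deb, ...) to see what each SBOM covers."""
    counts: Dict[str, int] = {}
    for c in bom.get("components", []):
        purl = c.get("purl", "pkg:unknown/")
        ecosystem = purl[len("pkg:"):].split("/", 1)[0]
        counts[ecosystem] = counts.get(ecosystem, 0) + 1
    return counts


def merge_sboms(app_bom: Dict[str, Any], image_bom: Dict[str, Any]) -> Dict[str, Any]:
    """Merge the application SBOM into the image SBOM.

    Components are keyed by component_key(); when both documents describe the same
    package the application entry wins, because the .NET tooling records exact NuGet
    versions that an image scanner may miss. Each kept component is tagged with a
    custom property (example:sbom-origin, this example's own convention) so the
    origin of every entry stays visible after the merge.
    """
    chosen: Dict[str, Dict[str, Any]] = {}
    # Image first, application second, so application entries override image ones.
    for origin, bom in (("image", image_bom), ("application", app_bom)):
        for comp in bom.get("components", []):
            entry = dict(comp)
            entry["properties"] = list(comp.get("properties", [])) + [
                {"name": "example:sbom-origin", "value": origin}
            ]
            chosen[component_key(comp)] = entry
    return {
        "bomFormat": "CycloneDX",
        "specVersion": app_bom.get("specVersion", "1.5"),
        "version": 1,
        # Keep the container as the top-level subject: that is what gets deployed.
        "metadata": image_bom.get("metadata", {}),
        "components": sorted(chosen.values(), key=lambda c: c.get("purl", c["name"])),
    }


if __name__ == "__main__":
    print("unversioned in image SBOM:", unversioned(IMAGE_SBOM))
    merged = merge_sboms(APP_SBOM, IMAGE_SBOM)
    print("ecosystems after merge:", count_by_ecosystem(merged))
    print(json.dumps(merged, indent=2))
```

Running it on the constructed input reports `Newtonsoft.Json` as unversioned in the image SBOM and produces a four-component merged document in which that package carries the 13.0.3 version from the application SBOM. If the two SBOMs are kept as separate projects in Dependency-Track instead, `unversioned()` alone is still a useful gate in CI: an image SBOM whose NuGet entries have no version is not telling you anything about your .NET dependencies.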

4 Answers

Answered By ContainerGuru42 On

If you haven't already, look into the container repository you're using. It might have built-in features that can assist with SBOM generation. Just like someone mentioned, Trivy is a good option here!

Answered By DevopsDude On

I recently came across sbomly.com, but I'm not positive if it supports .NET apps. It's worth checking out.

Answered By CuriousCoder On

Just to clear up any confusion, 'SBOM' usually stands for 'Software Bill of Materials.' It's crucial for managing all components in your project.

Answered By TechieSam On

You might want to check out Trivy; it's become pretty standard for container security and can help with tracking dependencies effectively.
