Posted to dev@cxf.apache.org by "coheigea (via GitHub)" <gi...@apache.org> on 2023/10/18 09:35:15 UTC

[PR] Adding CycloneDX SBOM [cxf]

coheigea opened a new pull request, #1480:
URL: https://github.com/apache/cxf/pull/1480

   (no comment)


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@cxf.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


Re: [PR] Adding CycloneDX SBOM [cxf]

Posted by "coheigea (via GitHub)" <gi...@apache.org>.
coheigea commented on code in PR #1480:
URL: https://github.com/apache/cxf/pull/1480#discussion_r1365462040


##########
pom.xml:
##########
@@ -688,6 +688,23 @@
                     <artifactId>maven-war-plugin</artifactId>
                     <version>3.3.2</version>
                 </plugin>
+                <plugin>
+                    <groupId>org.cyclonedx</groupId>
+                    <artifactId>cyclonedx-maven-plugin</artifactId>
+                    <version>2.7.9</version>
+                    <executions>
+                        <execution>
+                            <id>make-bom</id>
+                            <phase>package</phase>
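
Review bot: Nothing next to the new `<plugin>` block says what the `make-bom` execution produces or where its output ends up. A short XML comment above `<groupId>org.cyclonedx</groupId>`, stating that the build generates a CycloneDX SBOM and whether it is meant to be attached to the released artifacts, would answer that for the next person editing this pom.xml.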

Review Comment:
   OK thanks, I'll take a look





Re: [PR] Adding CycloneDX SBOM [cxf]

Posted by "coheigea (via GitHub)" <gi...@apache.org>.
coheigea commented on PR #1480:
URL: https://github.com/apache/cxf/pull/1480#issuecomment-1770872639

   @reta It will be published in Maven Central like this when we release: https://repo1.maven.org/maven2/org/apache/santuario/xmlsec/4.0.0/xmlsec-4.0.0-cyclonedx.json




Re: [PR] Adding CycloneDX SBOM [cxf]

Posted by "coheigea (via GitHub)" <gi...@apache.org>.
coheigea merged PR #1480:
URL: https://github.com/apache/cxf/pull/1480




Re: [PR] Adding CycloneDX SBOM [cxf]

Posted by "reta (via GitHub)" <gi...@apache.org>.
reta commented on code in PR #1480:
URL: https://github.com/apache/cxf/pull/1480#discussion_r1365443501


##########
pom.xml:
##########
@@ -688,6 +688,23 @@
                     <artifactId>maven-war-plugin</artifactId>
                     <version>3.3.2</version>
                 </plugin>
+                <plugin>
+                    <groupId>org.cyclonedx</groupId>
+                    <artifactId>cyclonedx-maven-plugin</artifactId>
+                    <version>2.7.9</version>
+                    <executions>
+                        <execution>
+                            <id>make-bom</id>
+                            <phase>package</phase>
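
Review bot: The `<phase>package</phase>` binding on the `make-bom` execution is the line to revisit. Declared in the top-level pom.xml, the execution fires when the parent project itself reaches `package`, and the parent is built before its child modules in a reactor build. The hunk is cut off before `<goals>`, so confirm which goal is bound here; if it is an aggregate goal, consider the plugin's per-module `makeBom` goal instead, or move the aggregate execution into a release profile, so that an ordinary build does not have to resolve every module's artifacts up front.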

Review Comment:
   @coheigea it seems like the configuration needs tuning here, the plugin kicks off before every other module in the build and starts downloading all Apache CXF snapshots first.
   
   ```
   [INFO] -------------------------< org.apache.cxf:cxf >-------------------------
   [INFO] Building Apache CXF 3.6.3-SNAPSHOT                               [1/202]
   [INFO]   from pom.xml
   [INFO] --------------------------------[ pom ]---------------------------------
   [INFO]
   [INFO] --- enforcer:3.3.0:enforce (enforce-maven) @ cxf ---
   [INFO] Rule 0: org.apache.maven.enforcer.rules.version.RequireJavaVersion passed
   [INFO] Rule 1: org.apache.maven.enforcer.rules.version.RequireMavenVersion passed
   [INFO] Rule 2: org.apache.maven.enforcer.rules.dependency.BannedDependencies passed
   [INFO]
   [INFO] --- cyclonedx:2.7.9:makeAggregateBom (make-bom) @ cxf ---
   
   ```





Re: [PR] Adding CycloneDX SBOM [cxf]

Posted by "reta (via GitHub)" <gi...@apache.org>.
reta commented on PR #1480:
URL: https://github.com/apache/cxf/pull/1480#issuecomment-1770847248

   @coheigea thanks for this change, I am wondering what is the future plan for it - would we publish the generated SBOM somewhere?

