
[commons-parent] branch master updated: Added SBOM generation (#122)

This is an automated email from the ASF dual-hosted git repository.

ggregory pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-parent.git


The following commit(s) were added to refs/heads/master by this push:
     new a60b06a  Added SBOM generation (#122)
a60b06a is described below

commit a60b06a7fab971e9479e5966fb692290f14588fc
Author: Steve Springett <st...@springett.us>
AuthorDate: Sun Aug 7 11:17:13 2022 -0500

    Added SBOM generation (#122)
    
    Added CycloneDX SBOM generation. CycloneDX is an OWASP Bill of Materials standard purpose-built for cybersecurity use cases. It exceeds the minimum requirements necessary to comply with EO 14028.
---
 pom.xml | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)

diff --git a/pom.xml b/pom.xml
index 0943a60..c8ee9b7 100644
--- a/pom.xml
+++ b/pom.xml
@@ -132,6 +132,7 @@
     <commons.compiler.version>3.10.1</commons.compiler.version>
     <commons.coveralls.version>4.3.0</commons.coveralls.version>
     <commons.coveralls.timestampFormat>EpochMillis</commons.coveralls.timestampFormat>
+    <commons.cyclonedx.version>2.7.0</commons.cyclonedx.version>
     <commons.failsafe.version>2.22.2</commons.failsafe.version>
     <commons.felix.version>5.1.8</commons.felix.version>
     <commons.jacoco.version>0.8.8</commons.jacoco.version>
@@ -824,6 +825,33 @@
             </dependency>
           </dependencies>
         </plugin>
+        <plugin>
+          <groupId>org.cyclonedx</groupId>
+          <artifactId>cyclonedx-maven-plugin</artifactId>
+          <version>${commons.cyclonedx.version}</version>
+          <executions>
+            <execution>
+              <phase>package</phase>
+              <goals>
+                <goal>makeAggregateBom</goal>
+              </goals>
+            </execution>
+          </executions>
+          <configuration>
+            <projectType>library</projectType>
+            <schemaVersion>1.4</schemaVersion>
+            <includeBomSerialNumber>true</includeBomSerialNumber>
+            <includeCompileScope>true</includeCompileScope>
+            <includeProvidedScope>true</includeProvidedScope>
+            <includeRuntimeScope>true</includeRuntimeScope>
+            <includeSystemScope>true</includeSystemScope>
+            <includeTestScope>false</includeTestScope>
+            <includeLicenseText>false</includeLicenseText>
+            <outputReactorProjects>true</outputReactorProjects>
+            <outputFormat>all</outputFormat>
+            <outputName>${project.artifactId}-${project.version}-bom</outputName>
+          </configuration>
+        </plugin>
       </plugins>
     </pluginManagement>
     <plugins>
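Review bot: The `<includeBomSerialNumber>true</includeBomSerialNumber>` setting in the new `<configuration>` block makes every build emit a different BOM, because the serial number is a freshly generated UUID URN each time the plugin runs; if this parent is meant to yield reproducible artifacts, that trade-off should be recorded next to the setting, e.g. `<!-- serialNumber is a per-build UUID; set to false if byte-identical BOMs are required -->`. The scope flags are also left unexplained, and a reader of the child POMs cannot tell why test scope is excluded while system and provided scopes are included; a one-line comment above the `<plugin>` element such as `<!-- CycloneDX SBOM: aggregate BOM of compile/provided/runtime/system deps; test deps excluded as they do not ship -->` would make the intent auditable. Note that the plugin is only managed here; it is activated for inheriting projects by the `<plugins>` entry in the last hunk, whose end is outside this view.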
@@ -1060,6 +1088,10 @@
         <groupId>org.codehaus.mojo</groupId>
         <artifactId>versions-maven-plugin</artifactId>
       </plugin>
+      <plugin>
+        <groupId>org.cyclonedx</groupId>
+        <artifactId>cyclonedx-maven-plugin</artifactId>
+      </plugin>
     </plugins>
   </build>