Posted to commits@commons.apache.org by gg...@apache.org on 2022/08/07 16:17:18 UTC
[commons-parent] branch master updated: Added SBOM generation (#122)
This is an automated email from the ASF dual-hosted git repository.
ggregory pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-parent.git
The following commit(s) were added to refs/heads/master by this push:
new a60b06a Added SBOM generation (#122)
a60b06a is described below
commit a60b06a7fab971e9479e5966fb692290f14588fc
Author: Steve Springett <st...@springett.us>
AuthorDate: Sun Aug 7 11:17:13 2022 -0500
Added SBOM generation (#122)
Added CycloneDX SBOM generation. CycloneDX is an OWASP Bill of Materials standard purpose-built for cybersecurity use cases. It exceeds the minimum requirements necessary to comply with EO 14028.
---
pom.xml | 32 ++++++++++++++++++++++++++++++++
1 file changed, 32 insertions(+)
diff --git a/pom.xml b/pom.xml
index 0943a60..c8ee9b7 100644
--- a/pom.xml
+++ b/pom.xml
@@ -132,6 +132,7 @@
<commons.compiler.version>3.10.1</commons.compiler.version>
<commons.coveralls.version>4.3.0</commons.coveralls.version>
<commons.coveralls.timestampFormat>EpochMillis</commons.coveralls.timestampFormat>
+ <commons.cyclonedx.version>2.7.0</commons.cyclonedx.version>
<commons.failsafe.version>2.22.2</commons.failsafe.version>
<commons.felix.version>5.1.8</commons.felix.version>
<commons.jacoco.version>0.8.8</commons.jacoco.version>
@@ -824,6 +825,33 @@
</dependency>
</dependencies>
</plugin>
+ <plugin>
+ <groupId>org.cyclonedx</groupId>
+ <artifactId>cyclonedx-maven-plugin</artifactId>
+ <version>${commons.cyclonedx.version}</version>
+ <executions>
+ <execution>
+ <phase>package</phase>
+ <goals>
+ <goal>makeAggregateBom</goal>
+ </goals>
+ </execution>
+ </executions>
+ <configuration>
+ <projectType>library</projectType>
+ <schemaVersion>1.4</schemaVersion>
+ <includeBomSerialNumber>true</includeBomSerialNumber>
+ <includeCompileScope>true</includeCompileScope>
+ <includeProvidedScope>true</includeProvidedScope>
+ <includeRuntimeScope>true</includeRuntimeScope>
+ <includeSystemScope>true</includeSystemScope>
+ <includeTestScope>false</includeTestScope>
+ <includeLicenseText>false</includeLicenseText>
+ <outputReactorProjects>true</outputReactorProjects>
+ <outputFormat>all</outputFormat>
+ <outputName>${project.artifactId}-${project.version}-bom</outputName>
+ </configuration>
+ </plugin>
</plugins>
</pluginManagement>
<plugins>
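Review bot: `<includeBomSerialNumber>true</includeBomSerialNumber>` makes every build write a fresh random serial number into the BOM, so two builds of the same release produce different SBOM files and the SBOM cannot be byte-compared or reproduced the way the jars can; for a parent POM that feeds every Commons release this should be a deliberate choice. If reproducibility is the goal, change the line to `<includeBomSerialNumber>false</includeBomSerialNumber>`, or add a comment above it such as `<!-- serialNumber is random per build; set to false for reproducible SBOMs -->` so downstream projects know why their BOM differs between builds. Since the configuration is inherited by all child projects via pluginManagement, a short comment on the `<plugin>` block stating that `makeAggregateBom` runs at `package` for every inheriting module (including pom-packaged ones) would also help maintainers judge whether they want to skip it.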
@@ -1060,6 +1088,10 @@
<groupId>org.codehaus.mojo</groupId>
<artifactId>versions-maven-plugin</artifactId>
</plugin>
+ <plugin>
+ <groupId>org.cyclonedx</groupId>
+ <artifactId>cyclonedx-maven-plugin</artifactId>
+ </plugin>
</plugins>
</build>