Posted to commits@logging.apache.org by vy...@apache.org on 2023/10/18 10:27:50 UTC

[logging-parent] branch main updated: Add SBOM support via `cyclonedx-maven-plugin` (apache/logging-log4j2#1707)

This is an automated email from the ASF dual-hosted git repository.

vy pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/logging-parent.git


The following commit(s) were added to refs/heads/main by this push:
     new ebc246f  Add SBOM support via `cyclonedx-maven-plugin` (apache/logging-log4j2#1707)
ebc246f is described below

commit ebc246f4d974afb34a507967c4f831ca34fc8333
Author: Volkan Yazıcı <vo...@yazi.ci>
AuthorDate: Wed Oct 18 12:27:23 2023 +0200

    Add SBOM support via `cyclonedx-maven-plugin` (apache/logging-log4j2#1707)
---
 pom.xml                                    | 21 +++++++++++++++++++++
 src/changelog/.10.x.x/add-sbom-support.xml |  8 ++++++++
 src/site/_features.adoc                    |  1 +
 src/site/_release-notes/_10.x.x.adoc       |  4 ++++
 4 files changed, 34 insertions(+)

diff --git a/pom.xml b/pom.xml
index 143ec39..df8d69b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -184,6 +184,7 @@
     <beanshell-maven-plugin.version>1.4</beanshell-maven-plugin.version>
     <bnd-maven-plugin.version>6.4.0</bnd-maven-plugin.version>
     <build-helper-maven-plugin.version>3.4.0</build-helper-maven-plugin.version>
+    <cyclonedx-maven-plugin.version>2.7.9</cyclonedx-maven-plugin.version>
     <error-prone.version>2.22.0</error-prone.version>
     <findsecbugs-plugin.version>1.12.0</findsecbugs-plugin.version>
     <flatten-maven-plugin.version>1.5.0</flatten-maven-plugin.version>
@@ -292,6 +293,12 @@
           <version>${build-helper-maven-plugin.version}</version>
         </plugin>
 
+        <plugin>
+          <groupId>org.cyclonedx</groupId>
+          <artifactId>cyclonedx-maven-plugin</artifactId>
+          <version>${cyclonedx-maven-plugin.version}</version>
+        </plugin>
+
       </plugins>
     </pluginManagement>
 
@@ -394,6 +401,20 @@
         </configuration>
       </plugin>
 
+      <plugin>
+        <groupId>org.cyclonedx</groupId>
+        <artifactId>cyclonedx-maven-plugin</artifactId>
+        <executions>
+          <execution>
+            <id>generate-sbom</id>
+            <goals>
+              <goal>makeAggregateBom</goal>
+            </goals>
+            <phase>package</phase>
+          </execution>
+        </executions>
+      </plugin>
+
       <!-- Ensure that version for each dependency resolved during a build, is equal to or higher than all transitive dependency declarations.
            A failure here requires adding the dependency to the dependency management. -->
       <plugin>
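
Review bot: The `generate-sbom` execution has no `<configuration>`, so the output format and CycloneDX schema version of the BOM are whatever plugin version 2.7.9 defaults to, and a later bump of `cyclonedx-maven-plugin.version` can change the published SBOM without any diff in this block. Consider pinning `<outputFormat>` and `<schemaVersion>` here or in the `pluginManagement` entry. Because the execution is declared outside `pluginManagement` in a parent POM, every inheriting build will run `makeAggregateBom` at `package`; a documented property to skip it would help consumers that do not want an SBOM generated.
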
diff --git a/src/changelog/.10.x.x/add-sbom-support.xml b/src/changelog/.10.x.x/add-sbom-support.xml
new file mode 100644
index 0000000..61fa9d9
--- /dev/null
+++ b/src/changelog/.10.x.x/add-sbom-support.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<entry xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+       xmlns="http://logging.apache.org/log4j/changelog"
+       xsi:schemaLocation="http://logging.apache.org/log4j/changelog https://logging.apache.org/log4j/changelog-0.1.1.xsd"
+       type="added">
+  <author id="github:vy"/>
+  <description format="asciidoc">Added support for auto-generating CycloneDX Software Bill of Materials (SBOM)</description>
+</entry>
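
Review bot: The new changelog entry carries `<author>` and `<description>` but no reference to apache/logging-log4j2#1707, which the commit subject names as the origin of this change. The release note generated from it therefore has no link, unlike the `actions/checkout` entry visible in `_10.x.x.adoc`. If the changelog schema supports an issue reference, add one so readers can trace why SBOM generation was introduced.
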
diff --git a/src/site/_features.adoc b/src/site/_features.adoc
index d326b82..34e4eaa 100644
--- a/src/site/_features.adoc
+++ b/src/site/_features.adoc
@@ -32,6 +32,7 @@ The provided parent POM features the following conveniences:
 * https://maven.apache.org/enforcer/maven-enforcer-plugin/[`maven-enforcer-plugin`] checks
 * https://github.com/diffplug/spotless/tree/main/plugin-maven[`spotless-maven-plugin`] integration for code formatting
 * https://github.com/bndtools/bnd/blob/master/maven-plugins/bnd-maven-plugin/README.md[`bnd-maven-plugin`] integration for auto-generating OSGi and JPMS descriptors
+* https://github.com/CycloneDX/cyclonedx-maven-plugin[`cyclonedx-maven-plugin`] integration for auto-generating Software Bill of Materials (SBOM)
 * https://asciidoc.org/[AsciiDoc]-based site generation
 
 [#reusable-workflows]
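
Review bot: The added bullet says an SBOM is auto-generated but not when or how: nothing in this line tells a consumer of the parent POM that `makeAggregateBom` is bound to the `package` phase, or where to find the resulting file. A short sentence naming the goal, the phase and how to opt out would make the feature entry actionable for downstream projects.
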
diff --git a/src/site/_release-notes/_10.x.x.adoc b/src/site/_release-notes/_10.x.x.adoc
index bc7c806..72c2521 100644
--- a/src/site/_release-notes/_10.x.x.adoc
+++ b/src/site/_release-notes/_10.x.x.adoc
@@ -41,6 +41,10 @@
 This minor release contains several small improvements.
 
 
+==== Added
+
+* Added support for auto-generating CycloneDX Software Bill of Materials (SBOM)
+
 ==== Changed
 
 * Update `actions/checkout` to version `4.1.1` (https://github.com/apache/logging-parent/pull/48[1562197994])