Posted to commits@logging.apache.org by vy...@apache.org on 2023/10/18 10:27:50 UTC
[logging-parent] branch main updated: Add SBOM support via `cyclonedx-maven-plugin` (apache/logging-log4j2#1707)
This is an automated email from the ASF dual-hosted git repository.
vy pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/logging-parent.git
The following commit(s) were added to refs/heads/main by this push:
new ebc246f Add SBOM support via `cyclonedx-maven-plugin` (apache/logging-log4j2#1707)
ebc246f is described below
commit ebc246f4d974afb34a507967c4f831ca34fc8333
Author: Volkan Yazıcı <vo...@yazi.ci>
AuthorDate: Wed Oct 18 12:27:23 2023 +0200
Add SBOM support via `cyclonedx-maven-plugin` (apache/logging-log4j2#1707)
---
pom.xml | 21 +++++++++++++++++++++
src/changelog/.10.x.x/add-sbom-support.xml | 8 ++++++++
src/site/_features.adoc | 1 +
src/site/_release-notes/_10.x.x.adoc | 4 ++++
4 files changed, 34 insertions(+)
diff --git a/pom.xml b/pom.xml
index 143ec39..df8d69b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -184,6 +184,7 @@
<beanshell-maven-plugin.version>1.4</beanshell-maven-plugin.version>
<bnd-maven-plugin.version>6.4.0</bnd-maven-plugin.version>
<build-helper-maven-plugin.version>3.4.0</build-helper-maven-plugin.version>
+ <cyclonedx-maven-plugin.version>2.7.9</cyclonedx-maven-plugin.version>
<error-prone.version>2.22.0</error-prone.version>
<findsecbugs-plugin.version>1.12.0</findsecbugs-plugin.version>
<flatten-maven-plugin.version>1.5.0</flatten-maven-plugin.version>
@@ -292,6 +293,12 @@
<version>${build-helper-maven-plugin.version}</version>
</plugin>
+ <plugin>
+ <groupId>org.cyclonedx</groupId>
+ <artifactId>cyclonedx-maven-plugin</artifactId>
+ <version>${cyclonedx-maven-plugin.version}</version>
+ </plugin>
+
</plugins>
</pluginManagement>
@@ -394,6 +401,20 @@
</configuration>
</plugin>
+ <plugin>
+ <groupId>org.cyclonedx</groupId>
+ <artifactId>cyclonedx-maven-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>generate-sbom</id>
+ <goals>
+ <goal>makeAggregateBom</goal>
+ </goals>
+ <phase>package</phase>
+ </execution>
+ </executions>
+ </plugin>
+
<!-- Ensure that version for each dependency resolved during a build, is equal to or higher than all transitive dependency declarations.
A failure here requires adding the dependency to the dependency management. -->
<plugin>
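Review bot: The `generate-sbom` execution is added with no `<configuration>` and no explanatory XML comment, while the plugin declared right after it documents its intent and what a failure means. Since this is the parent POM, every inheriting build will run `makeAggregateBom` at `package` with whatever defaults version 2.7.9 ships. Consider setting explicitly the options that decide the SBOM's content (output format, schema version, which dependency scopes are included), so that bumping `cyclonedx-maven-plugin.version` cannot silently change what gets published. A short comment above the `<plugin>` saying why the aggregate goal was chosen and how a child project can override or skip the execution would also help.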
diff --git a/src/changelog/.10.x.x/add-sbom-support.xml b/src/changelog/.10.x.x/add-sbom-support.xml
new file mode 100644
index 0000000..61fa9d9
--- /dev/null
+++ b/src/changelog/.10.x.x/add-sbom-support.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<entry xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns="http://logging.apache.org/log4j/changelog"
+ xsi:schemaLocation="http://logging.apache.org/log4j/changelog https://logging.apache.org/log4j/changelog-0.1.1.xsd"
+ type="added">
+ <author id="github:vy"/>
+ <description format="asciidoc">Added support for auto-generating CycloneDX Software Bill of Materials (SBOM)</description>
+</entry>
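Review bot: The changelog entry has an `<author>` and a `<description>` but no reference to apache/logging-log4j2#1707, which the commit subject cites as the origin of this change. The resulting "Added" release-note line therefore has no link, whereas the existing `actions/checkout` entry under "Changed" links its pull request. Please add the issue reference to the entry so readers can trace the SBOM decision, and consider naming `cyclonedx-maven-plugin` in the description as `_features.adoc` does.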
diff --git a/src/site/_features.adoc b/src/site/_features.adoc
index d326b82..34e4eaa 100644
--- a/src/site/_features.adoc
+++ b/src/site/_features.adoc
@@ -32,6 +32,7 @@ The provided parent POM features the following conveniences:
* https://maven.apache.org/enforcer/maven-enforcer-plugin/[`maven-enforcer-plugin`] checks
* https://github.com/diffplug/spotless/tree/main/plugin-maven[`spotless-maven-plugin`] integration for code formatting
* https://github.com/bndtools/bnd/blob/master/maven-plugins/bnd-maven-plugin/README.md[`bnd-maven-plugin`] integration for auto-generating OSGi and JPMS descriptors
+* https://github.com/CycloneDX/cyclonedx-maven-plugin[`cyclonedx-maven-plugin`] integration for auto-generating Software Bill of Materials (SBOM)
* https://asciidoc.org/[AsciiDoc]-based site generation
[#reusable-workflows]
diff --git a/src/site/_release-notes/_10.x.x.adoc b/src/site/_release-notes/_10.x.x.adoc
index bc7c806..72c2521 100644
--- a/src/site/_release-notes/_10.x.x.adoc
+++ b/src/site/_release-notes/_10.x.x.adoc
@@ -41,6 +41,10 @@
This minor release contains several small improvements.
+==== Added
+
+* Added support for auto-generating CycloneDX Software Bill of Materials (SBOM)
+
==== Changed
* Update `actions/checkout` to version `4.1.1` (https://github.com/apache/logging-parent/pull/48[1562197994])