Generating CycloneDX sbom files for ant builds

[Patrick <pa...@gmail.com>]

I'm trying to add Dependency-Track analysis to Jenkins builds. The
Dependency-Track application requires CycloneDX sbom files as input. For
our Gradle projects, this was fairly straightforward as there's a Gradle
plugin that will generate the sbom files. However, I'm struggling with our
many legacy Java projects that we build with Ant / Ant Ivy.

Does anyone know how this can be done? I've not found any utilities to do
it, but maybe I'm missing something. I saw a suggestion that the CycloneDX
maven plugin (located here:
https://github.com/CycloneDX/cyclonedx-maven-plugin) could be used in
conjunction with Ant / Ant Ivy, but I can't figure out how to do that. When
I search for information on making Maven calls from Ant, my search results
are full of pages about how to do the opposite (call Ant from Maven).

I found some pages on Maven Ant Tasks (retired) and its successor Maven
Resolver Ant Tasks, but if I understand correctly that's only for running
the handful of Maven operations in that project.

Any insights would be greatly appreciated.