[Feature Request]: Integrate CycloneDX Plugin for SBOM Generation #4235

Closed
dsanderbi opened this issue Aug 22, 2024 · 2 comments
@dsanderbi
Contributor

What would you like to happen?

I suggest integrating the org.cyclonedx Maven Plugin into Apache Hop to facilitate the generation of Software Bill of Materials (SBOM) files.

It would be highly beneficial if the generated SBOM file could be included in every release package.

<plugin>
    <groupId>org.cyclonedx</groupId>
    <artifactId>cyclonedx-maven-plugin</artifactId>
    <version>2.8.1</version>
    <configuration>
        <projectType>library</projectType>
        <schemaVersion>1.5</schemaVersion>
        <includeBomSerialNumber>true</includeBomSerialNumber>
        <includeCompileScope>true</includeCompileScope>
        <includeProvidedScope>true</includeProvidedScope>
        <includeRuntimeScope>true</includeRuntimeScope>
        <includeSystemScope>true</includeSystemScope>
        <includeTestScope>false</includeTestScope>
        <includeLicenseText>false</includeLicenseText>
        <outputReactorProjects>true</outputReactorProjects>
        <outputFormat>json</outputFormat>
        <outputName>bom</outputName>
        <outputDirectory>${project.build.directory}</outputDirectory>
        <verbose>false</verbose>
    </configuration>
    <executions>
        <execution>
            <goals>
                <goal>makeAggregateBom</goal>
            </goals>
            <phase>package</phase>
        </execution>
    </executions>
</plugin>

Issue Priority

Priority: 2

Issue Component

Component: Other

@hansva
Contributor

hansva commented Aug 22, 2024

Great idea!
.take-issue

@github-actions github-actions bot added this to the 2.10 milestone Aug 22, 2024
hansva added a commit to hansva/hop that referenced this issue Aug 26, 2024
@hansva
Contributor

hansva commented Aug 26, 2024

Added the cyclonedx maven plugin to generate SBOM files.

Placed the plugin into a profile that will only be executed during our release process.
The SBOM generation does take quite some additional CPU time.

hansva added a commit that referenced this issue Aug 26, 2024
Add Cyclonedx SBOM during release, #4235
@hansva hansva closed this as completed Aug 26, 2024
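
Added example, not part of the issue thread or of Apache Hop's code: a release-gate check that a generated `bom.json` matches the settings proposed above (`schemaVersion` 1.5, `includeBomSerialNumber` true, JSON output) and that its dependency graph is internally consistent. The function name `check_bom` and both sample BOMs are constructed for illustration.

```python
import re

# serialNumber pattern from the CycloneDX JSON schema (urn:uuid:<RFC 4122 UUID>)
SERIAL_RE = re.compile(
    r"^urn:uuid:[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$")

def check_bom(bom, expected_spec="1.5"):
    """Return a list of findings for a parsed CycloneDX JSON BOM (empty list = pass)."""
    findings = []
    if bom.get("bomFormat") != "CycloneDX":
        findings.append("bomFormat is not 'CycloneDX'")
    if bom.get("specVersion") != expected_spec:
        findings.append(f"specVersion is {bom.get('specVersion')!r}, expected {expected_spec!r}")
    if not SERIAL_RE.match(str(bom.get("serialNumber", ""))):
        findings.append("serialNumber missing or not urn:uuid:<uuid>")
    # bom-refs this BOM defines: the root (metadata.component) plus every component
    root_ref = bom.get("metadata", {}).get("component", {}).get("bom-ref")
    refs = {root_ref} if root_ref else set()
    for comp in bom.get("components", []):
        name = comp.get("name", "?")
        if not comp.get("version") or not comp.get("purl"):
            findings.append(f"{name}: missing version or purl")
        ref = comp.get("bom-ref")
        if ref is None or ref in refs:
            findings.append(f"{name}: missing or duplicate bom-ref")
        else:
            refs.add(ref)
    # every edge in the dependency graph must point at a bom-ref defined above
    for dep in bom.get("dependencies", []):
        for target in [dep.get("ref"), *dep.get("dependsOn", [])]:
            if target not in refs:
                findings.append(f"dependency graph references unknown bom-ref {target!r}")
    return findings

# Constructed sample BOMs (coordinates and UUID are made up, not from a real build)
APP, LIB = "pkg:maven/org.example/app@1.0.0", "pkg:maven/org.example/lib@2.3.1"
GOOD = {"bomFormat": "CycloneDX", "specVersion": "1.5",
        "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
        "metadata": {"component": {"bom-ref": APP, "name": "app"}},
        "components": [{"bom-ref": LIB, "name": "lib", "version": "2.3.1", "purl": LIB}],
        "dependencies": [{"ref": APP, "dependsOn": [LIB]}]}
BAD = {"bomFormat": "CycloneDX", "specVersion": "1.4",
       "components": [{"bom-ref": "lib", "name": "lib", "version": "2.3.1"}],
       "dependencies": [{"ref": "lib", "dependsOn": ["ghost"]}]}

if __name__ == "__main__":
    import json, sys
    # With a path argument, check that file; otherwise show the constructed failing case
    bom = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else BAD
    print("\n".join(check_bom(bom)) or "ok")
```

Run with the path to the generated BOM as its argument; a non-empty findings list is the signal to fail the release job.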