Hi all I've more or less finished the release process yesterday.
https://repository.apache.org/content/repositories/orgapacheant-1068/org/apache/ant/ant-cyclonedx/0.1alpha/ is a staging repository (that I'm going to drop. of course) where you can see Ivy publishing the SBOMs alongside the jar. The SBOMs are created from the "create-antlib-sbom" target in https://github.com/apache/ant-antlibs-cyclonedx/blob/main/build.xml . I've got a few more tweaks to the SBOMs' contents. I plan to resolve the remaining transitive jackson dependencies manually and add components for the jars contained inside the binary releases. But in general things seem to work. The next step will be to create a branch in Ant's repo to try out the Antlib for Ant itself. I already found a bug while setting up the SBOM for the Antlib, dog-fooding is working here. The manual creation is cumbersome but acceptable for Ant, I guess. The Ivy based addition is going to help. What also helps is that many components already publish SBOMs and I can leverage those b yjust linking them instead of copying stuff. Stefan --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
