bodewig commented on code in PR #233:
URL: https://github.com/apache/ant/pull/233#discussion_r3370000583


##########
sboms/ant-1.10.18alpha-cyclonedx.json:
##########
@@ -0,0 +1,355 @@
+{
+  "bomFormat" : "CycloneDX",
+  "specVersion" : "1.6",
+  "serialNumber" : "urn:uuid:2b3c6004-1754-4985-bbf1-27f088f2b856",
+  "version" : 1,
+  "metadata" : {
+    "timestamp" : "2026-06-07T12:52:38Z",
+    "lifecycles" : [
+      {
+        "phase" : "build"
+      }
+    ],
+    "tools" : {
+      "components" : [
+        {
+          "type" : "library",
+          "supplier" : {
+            "name" : "Apache Ant Project Management Committee",
+            "url" : [
+              "https://ant.apache.org/";
+            ]
+          },
+          "manufacturer" : {
+            "name" : "Apache Ant Project Management Committee",
+            "url" : [
+              "https://ant.apache.org/";
+            ]
+          },
+          "publisher" : "The Apache Software Foundation",
+          "group" : "org.apache.ant",
+          "name" : "ant-cyclonedx",
+          "version" : "0.1",
+          "description" : "Apache CycloneDX Antlib",
+          "licenses" : [
+            {
+              "license" : {
+                "id" : "Apache-2.0",
+                "url" : "https://www.apache.org/licenses/LICENSE-2.0.txt";
+              }
+            }
+          ],
+          "purl" : "pkg:maven/org.apache.ant/[email protected]?type=jar",
+          "externalReferences" : [
+            {
+              "type" : "vcs",
+              "url" : 
"https://gitbox.apache.org/repos/asf/ant-antlibs-cyclonedx.git";
+            },
+            {
+              "type" : "license",
+              "url" : "https://www.apache.org/licenses/LICENSE-2.0.txt";
+            },
+            {
+              "type" : "build-system",
+              "url" : 
"https://ci-builds.apache.org/job/Ant/job/CycloneDX%20Antlib/";
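Review bot: The `build-system` entry at the end of `externalReferences` points at a single job path (`job/Ant/job/CycloneDX%20Antlib/`) on ci-builds.apache.org, so the reference breaks as soon as that job is renamed, moved or removed, while the SBOM that carries it stays in circulation. Consider pointing this reference at a level that is less likely to change, or omitting it, so that every link a consumer finds under `externalReferences` remains resolvable for as long as the document is in use.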

Review Comment:
   No external link is mandatory at all. I thought I'd put in as many as we can 
reasonably fill.
   
   What you say about the CI system may also be true for the Bug-Tracker. I 
could change things to stop at the level of the Ant project rather than the 
individual component. Or even at the system level itself (i.e. 
ci-builds.apache.org and issues.apache.org).
   
   The concrete line you commented on comes from the released ant-cyclonedx 
library and can only be modified with a new release, but I believe we are 
talking about the links in general.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.