Cool, CycloneDX is famous. Look forward!
-----------------------------------
Xiangdong Huang

Christofer Dutz <christofer.d...@c-ware.de> wrote on Saturday, July 15, 2023 at 22:59:
>
> Well in PLC4X the plugin generates an XML version of the SBOM.
> We’re using this plugin:
> https://github.com/CycloneDX/cyclonedx-maven-plugin
>
> Chris
>
> From: Xiangdong Huang <saint...@gmail.com>
> Date: Saturday, 15 July 2023 at 07:58
> To: dev@iotdb.apache.org <dev@iotdb.apache.org>
> Subject: Re: [DISCUSS] Adding the generation of sboms to our build?
> Hi Chris,
>
> Look forward! SBOM has also received a lot of attention in China.
> Which kind of format/standard will it obey?
>
> Best,
> -----------------------------------
> Xiangdong Huang
>
> Christofer Dutz <christofer.d...@c-ware.de> wrote on Friday, July 14, 2023 at 21:28:
> >
> > Hi all,
> >
> > here in Europe we’re currently preparing for quite a bit of an earthquake
> > caused by the Cyber-Resiliency-Act. In some projects I’m involved in
> > (Mainly PLC4X) I’ve started initiating small changes which could make us
> > come out without too many problems.
> >
> > One thing that seems to be coming up in both the EU as well as the US acts,
> > is the requirement to publish SBOM information (Software Bill Of
> > Material). As we are also using Maven as a build tool, I’ve got a
> > configuration in our poms that ensures an Apache release also produces an
> > SBOM, that we will be able to deploy.
> >
> > Are we interested in adding that to the IoTDB build?
> >
> > Chris