Francesco Chicchiriccò created SYNCOPE-1746:
-----------------------------------------------

             Summary: Provide Software Bill Of Materials (SBOM)
                 Key: SYNCOPE-1746
                 URL: https://issues.apache.org/jira/browse/SYNCOPE-1746
             Project: Syncope
          Issue Type: New Feature
            Reporter: Francesco Chicchiriccò
            Assignee: Francesco Chicchiriccò
             Fix For: 3.0.3, 4.0.0


This issue aims to publish SBOM artifact [along with the other Apache 
projects|https://cwiki.apache.org/confluence/display/COMDEV/SBOM].

Software Bill of Materials (SBOM) are additional artifacts containing the 
aggregate of all direct and transitive dependencies of a project. The US 
Government (based on NIST recommendations) currently accepts only the three 
most popular SBOM standards as valid, namely: 
[CycloneDX|https://cyclonedx.org/], [Software Identification (SWID) 
tag|https://csrc.nist.gov/projects/Software-Identification-SWID], [Software 
Package Data Exchange® (SPDX)|https://spdx.dev/].

The [CycloneDX maven 
plugin|https://github.com/CycloneDX/cyclonedx-maven-plugin] seems to be fit for 
the job.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to