Francesco Chicchiriccò created SYNCOPE-1746:
-----------------------------------------------

Summary: Provide Software Bill Of Materials (SBOM)
Key: SYNCOPE-1746
URL: https://issues.apache.org/jira/browse/SYNCOPE-1746
Project: Syncope
Issue Type: New Feature
Reporter: Francesco Chicchiriccò
Assignee: Francesco Chicchiriccò
Fix For: 3.0.3, 4.0.0

This issue aims to publish SBOM artifact [along with the other Apache projects|https://cwiki.apache.org/confluence/display/COMDEV/SBOM].

Software Bill of Materials (SBOM) are additional artifacts containing the aggregate of all direct and transitive dependencies of a project.

The US Government (based on NIST recommendations) currently accepts only the three most popular SBOM standards as valid, namely: [CycloneDX|https://cyclonedx.org/], [Software Identification (SWID) tag|https://csrc.nist.gov/projects/Software-Identification-SWID], [Software Package Data Exchange® (SPDX)|https://spdx.dev/].

The [CycloneDX maven plugin|https://github.com/CycloneDX/cyclonedx-maven-plugin] seems to be fit for the job.

--
This message was sent by Atlassian Jira (v8.20.10#820010)