[
https://issues.apache.org/jira/browse/SYNCOPE-1746?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Francesco Chicchiriccò resolved SYNCOPE-1746.
---------------------------------------------
Resolution: Fixed
> Provide Software Bill Of Materials (SBOM)
> -----------------------------------------
>
> Key: SYNCOPE-1746
> URL: https://issues.apache.org/jira/browse/SYNCOPE-1746
> Project: Syncope
> Issue Type: New Feature
> Reporter: Francesco Chicchiriccò
> Assignee: Francesco Chicchiriccò
> Priority: Major
> Fix For: 3.0.3, 4.0.0
>
>
> This issue aims to publish SBOM artifact [along with the other Apache
> projects|https://cwiki.apache.org/confluence/display/COMDEV/SBOM].
> Software Bill of Materials (SBOM) are additional artifacts containing the
> aggregate of all direct and transitive dependencies of a project. The US
> Government (based on NIST recommendations) currently accepts only the three
> most popular SBOM standards as valid, namely:
> [CycloneDX|https://cyclonedx.org/], [Software Identification (SWID)
> tag|https://csrc.nist.gov/projects/Software-Identification-SWID], [Software
> Package Data Exchange® (SPDX)|https://spdx.dev/].
> The [CycloneDX maven
> plugin|https://github.com/CycloneDX/cyclonedx-maven-plugin] seems to be fit
> for the job.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
