[ https://issues.apache.org/jira/browse/SYNCOPE-1746?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Francesco Chicchiriccò resolved SYNCOPE-1746.
---------------------------------------------
    Resolution: Fixed

> Provide Software Bill Of Materials (SBOM)
> -----------------------------------------
>
>                 Key: SYNCOPE-1746
>                 URL: https://issues.apache.org/jira/browse/SYNCOPE-1746
>             Project: Syncope
>          Issue Type: New Feature
>            Reporter: Francesco Chicchiriccò
>            Assignee: Francesco Chicchiriccò
>            Priority: Major
>             Fix For: 3.0.3, 4.0.0
>
>
> This issue aims to publish SBOM artifact [along with the other Apache
> projects|https://cwiki.apache.org/confluence/display/COMDEV/SBOM].
> Software Bill of Materials (SBOM) are additional artifacts containing the
> aggregate of all direct and transitive dependencies of a project. The US
> Government (based on NIST recommendations) currently accepts only the three
> most popular SBOM standards as valid, namely:
> [CycloneDX|https://cyclonedx.org/], [Software Identification (SWID)
> tag|https://csrc.nist.gov/projects/Software-Identification-SWID], [Software
> Package Data Exchange® (SPDX)|https://spdx.dev/].
> The [CycloneDX maven
> plugin|https://github.com/CycloneDX/cyclonedx-maven-plugin] seems to be fit
> for the job.

--
This message was sent by Atlassian Jira
(v8.20.10#820010)