Hi Michael, On 22.09.2025 16:55, Michael Bouschen wrote: > Do you know whether there are any plans to publish SBOM files at the ASF? > If yes, do you know where they are published and is there a specific > process for this?
Sorry for the delayed response: I missed your email earlier. Yes, there are plans to publish SBOMs via the Apache Trusted Releases system currently being developed by the Apache Tooling team. In Apache Logging, we already have an automated release pipeline up to the point where we submit the release candidate to Nexus and Subversion. Once Apache Trusted Releases moves beyond the alpha stage, we plan to upgrade our pipeline to use it. After that, we’ll be able to help other Maven-based projects adopt the same approach. Best regards, Piotr
