Author: bodewig
Date: Sun May 17 08:41:11 2026
New Revision: 1934284
Log:
add preliminary version of cyclonedx antlib manual
Added:
ant/site/ant/production/antlibs/cyclonedx/manual/
ant/site/ant/production/antlibs/cyclonedx/manual/component.html (contents,
props changed)
ant/site/ant/production/antlibs/cyclonedx/manual/componentbom.html
(contents, props changed)
ant/site/ant/production/antlibs/cyclonedx/manual/externalreferenceset.html
(contents, props changed)
ant/site/ant/production/antlibs/cyclonedx/manual/index.html (contents,
props changed)
ant/site/ant/production/antlibs/cyclonedx/manual/license.html (contents,
props changed)
ant/site/ant/production/antlibs/cyclonedx/manual/organization.html
(contents, props changed)
ant/site/ant/production/antlibs/cyclonedx/manual/style.css (contents,
props changed)
Modified:
ant/site/ant/production/antlibs/cyclonedx/index.html
ant/site/ant/sources/antlibs/cyclonedx/index.xml
Modified: ant/site/ant/production/antlibs/cyclonedx/index.html
==============================================================================
--- ant/site/ant/production/antlibs/cyclonedx/index.html Sun May 17
08:30:25 2026 (r1934283)
+++ ant/site/ant/production/antlibs/cyclonedx/index.html Sun May 17
08:41:11 2026 (r1934284)
@@ -195,6 +195,11 @@
for Ant projects using manual dependency management. A
corresponding library for projects using <a
href="https://ant.apache.org/ivy/";>Apache Ivy</a> is
planned.</p>
+ <h3 class="section">
+ <a name="Current Manual"></a>
+ Current Manual
+ </h3>
+ <p>The pre-release manual can be found <a
href="manual/">here</a>.</p>
</div>
</div>
Added: ant/site/ant/production/antlibs/cyclonedx/manual/component.html
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ ant/site/ant/production/antlibs/cyclonedx/manual/component.html Sun May
17 08:41:11 2026 (r1934284)
@@ -0,0 +1,374 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ https://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<html>
+ <head>
+ <meta http-equiv="Content-Language" content="en-us"></meta>
+ <link rel="stylesheet" type="text/css" href="style.css">
+ <title>Apache CycloneDX Ant Library - component</title>
+ </head>
+
+ <body>
+ <h2 id="component">component</h2>
+
+ <p>Components are central to CycloneDX SBOMs. There is <b>the</b>
+ component the whole SBOM is about - and there are more
+ components specified inside the SBOM as (transitive)
+ dependencies or parts of the other components.</p>
+
+ <p>The component elements can be used as top-level elements and be
+ given an id so they can be later referred to via
+ the <code>refid</code> attribute -
+ see <a href="https://ant.apache.org/manual/using.html#references";>the
+ Ant manual</a>. The can also be referred to by
+ a <a href="#dependency">dependency</a> of another component
+ via <code>componentRef</code>.</p>
+
+ <h3>Attributes</h3>
+
+ <table class="attr">
+ <tr>
+ <th scope="col">Attribute</th>
+ <th scope="col">Description</th>
+ <th scope="col">Required</th>
+ </tr>
+ <tr>
+ <td>name</td>
+ <td>The name of the component.</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>type</td>
+ <td>The type of the component. Valid types are defined by the
+ <a
href="https://cyclonedx.org/docs/1.7/json/#metadata_tools_oneOf_i0_components_items_type";>CycloneDX
+ specification</a>.</td>
+ <td>No, the default is "library"</td>
+ </tr>
+ <tr>
+ <td>group</td>
+ <td>The group of the component.</td>
+ <td>No</td>
+ </tr>
+ <tr>
+ <td>version</td>
+ <td>The version of the component.</td>
+ <td>No</td>
+ </tr>
+ <tr>
+ <td>purl</td>
+ <td>The <a href="https://github.com/package-url/purl-spec";>Package-URL
+ (purl)</a> of the component.</td>
+ <td>No - if not set but <code>name</code>, <code>group</code>
+ and <code>version</code> are present an implicit purl is
+ calculated as <code>pkg:maven</code> jar purl from these
+ values.</td>
+ </tr>
+ <tr>
+ <td>bomRef</td>
+ <td>The bom-ref of the component.</td>
+ <td>No - if not set, the component's - potentially calculated
+ - purl will be used.</td>
+ </tr>
+ <tr>
+ <td>scope</td>
+ <td>The scope of the component. Valid scopes are defined by the
+ <a
href="https://cyclonedx.org/docs/1.7/json/#metadata_tools_oneOf_i0_components_items_scope";>CycloneDX
+ specification</a>.</td>
+ <td>No, <code>scope</code> is prohibited for the main
+ component of the SBOM.</td>
+ </tr>
+ <tr>
+ <td>isExternal</td>
+ <td>Whether the component is external. The CycloneDX
+ Specification says:
+ <cite>An external component is one that is not part of an
+ assembly, but is expected to be provided by the
+ environment, regardless of the component's
+ scope.</cite><br/>
+ This attribute doesn't have any effect as long as CycloneDX
+ Core doesn't support version 1.7 of the specification.
+ </td>
+ <td>No, <code>isExternal</code> must not be <code>true</code>
+ for the main component of the SBOM.</td>
+ </tr>
+ <tr>
+ <td>description</td>
+ <td>The description of the component.</td>
+ <td>No</td>
+ </tr>
+ <tr>
+ <td>publisher</td>
+ <td>The publisher of the component.</td>
+ <td>No</td>
+ </tr>
+ <tr>
+ <td>copyright</td>
+ <td>The copyright of the component.</td>
+ <td>No</td>
+ </tr>
+ <tr>
+ <td>mimetype</td>
+ <td>The MIME-type of the component.</td>
+ <td>No</td>
+ </tr>
+ <tr>
+ <td>manufacturerIsSupplier</td>
+ <td>Whether the
+ nested <a href="#manufacturer">manufacturer</a> shall be used
+ as supplier as well.</td>
+ <td>No - defaults to <code>false</code>. Must not
+ be <code>true</code> if a
+ nested <a href="#supplier">supplier</a> exists.</td>
+ </tr>
+ <tr>
+ <td>unknownDependencies</td>
+ <td>Whether the dependencies of this component are unknown. If
+ set to <code>false</code> then a component without any
+ nested
+ <a href="#dependency">dependency</a> elements is treated as
+ having no dependencies at all. </td>
+ <td>No - defaults to <code>false</code>.</td>
+ </tr>
+ </table>
+
+ <h3>Nested elements</h3>
+
+ <h4>any
+ file-system <a
href="https://ant.apache.org/manual/Types/resources.html";>resource</a></h4>
+
+ <p>At most one nested resource specifies the file the component
+ describes. This is required if you want to include hashes for
+ the component in your SBOM.</p>
+
+ <h4 id="sbomLink">sbomLink</h4>
+
+ <p>At most one resource can be specified
+ as <code>sbomLink</code>. When present the referenced resource is
+ read as CycloneDX SBOM and:</p>
+
+ <ul>
+ <li><code>type</code>, <code>name</code>, <code>group</code>,
<code>version</code>,
+ <code>purl</code>, <code>bomRef</code>, <code>scope</code>,
+ <code>decription</code>, <code>publisher</code>, <code>copright</code>,
+ <code>mimeType</code> and <code>manufacturer</code> are taken
+ from the SBOM's metadata component unless they are explicitly
+ specified on the component element itself.</li>
+ <li><code>supplier</code> is taken from the SBOM's metadata
+ component unless it is explicitly specified on the component
+ element itself or <code>manufacturerissupplier</code>
+ is <code>true</code>.</li>
+ <li>Tags are merged wiht those of the SBOM's metadata
+ component.</li>
+ <li><code>author</code>s, <code>license</code>s,
<code>exteranlReference</code>s,
+ <code>dependency</code>s and nested <code>components</code>
+ are taken from the SBOM's metadata component if and only if
+ there is no corresponding element in this component
+ element.</li>
+ <li>Hashes of the linked SBOM are ignored completely.</li>
+ <li>Other components specified in the linked SBOM are also added
+ to the SBOM created by the compomentbom task if they are
+ direct dependencies of the current component element. And
+ their dependencies are set to "unknown" as handling of
+ transitive dependencies is beyond the scope of this
+ library.<br/>
+ Components specified explicitly in the SBOM take precedence
+ over those found by parsing an SBOM link. If there already
+ exists a component as part of the SBOM with the same name and
+ group as one read from the linked SBOM, the linked component
+ will be ignored. Here the version is ignored, it is assumed
+ the component explicitly specified is the result of a process
+ that resolved conflicts in dependency versions.
+ </li>
+ </ul>
+
+ <p>The <a hre="https://github.com/CycloneDX/cyclonedx-core-java";>CycloneDX
+ Core (Java) library</a> is used to read the linked SBOM.</p>
+
+ <h4 id="manufacturer">manufacturer</h4>
+
+ <p>At most one nested <a href="organization.html">organization</a>
+ specifies the manufacturer of the component.</p>
+
+ <h4 id="supplier">supplier</h4>
+
+ <p>At most one nested <a href="organization.html">organization</a>
+ specifies the supplier of the component.</p>
+
+ <h4>author</h4>
+
+ <p>Adds an author to the component.</p>
+
+ <h5>Attributes</h5>
+
+ <table class="attr">
+ <tr>
+ <th scope="col">Attribute</th>
+ <th scope="col">Description</th>
+ <th scope="col">Required</th>
+ </tr>
+ <tr>
+ <td>bomRef</td>
+ <td>The bom-ref of the author.</td>
+ <td>No</td>
+ </tr>
+ <tr>
+ <td>name</td>
+ <td>The name of the author.</td>
+ <td>No</td>
+ </tr>
+ <tr>
+ <td>email</td>
+ <td>The email of the author.</td>
+ <td>No</td>
+ </tr>
+ <tr>
+ <td>phone</td>
+ <td>The phone of the author.</td>
+ <td>No</td>
+ </tr>
+ </table>
+
+ <h4>tag</h4>
+
+ <p>Adds a tag to the component. Tags haven't got any attributes or
+ nested elements, the nested text is used as tag.</p>
+
+ <h4>property</h4>
+
+ <p>Adds a property to the component.</p>
+
+ <h5>Attributes</h5>
+
+ <table class="attr">
+ <tr>
+ <th scope="col">Attribute</th>
+ <th scope="col">Description</th>
+ <th scope="col">Required</th>
+ </tr>
+ <tr>
+ <td>name</td>
+ <td>The name of the property.</td>
+ <td>No</td>
+ </tr>
+ <tr>
+ <td>value</td>
+ <td>The value of the property.</td>
+ <td>No</td>
+ </tr>
+ </table>
+
+ <h4>license</h4>
+
+ <p>A nested <a href="license.html">license</a> specifies the
+ license information of the component.</p>
+
+ <h4>externalReference</h4>
+
+ <p>A
+ nested <a
href="externalreferenceset.html#externalReference">externalReference</a>
+ specifies an external reference for the component.</p>
+
+ <h4>externalReferenceSet</h4>
+
+ <p>A
+ nested <a href="externalreferenceset.html">externalreferenceset</a>
+ specifies external references for the component.</p>
+
+ <h4 id="dependency">dependency</h4>
+
+ <p>Adds a dependency to the component.</p>
+
+ <p>Inside the SBOM both the dependee and the dependency side are
+ identified by their bom-ref. Therefore nested dependency children
+ are only allowed in components that provide a bom-ref - either via
+ an explicit <code>bomRef</code> attribute or an explicit or
+ calculated <code>purl</code>.</p>
+
+ <h5>Attributes</h5>
+
+ <table class="attr">
+ <tr>
+ <th scope="col">Attribute</th>
+ <th scope="col">Description</th>
+ <th scope="col">Required</th>
+ </tr>
+ <tr>
+ <td>bomRef</td>
+ <td>References the dependency by
+ its <code>bom-ref</code>.</td>
+ <td rowspan="2">Exactly one of the two.</td>
+ </tr>
+ <tr>
+ <td>componentRef</td>
+ <td>References the dependency by its Ant <code>id</code>
+ attribute. The referenced component must have
+ a <code>bom-ref</code>.</td>
+ </tr>
+ </table>
+
+ <h4 id="component">component</h4>
+
+ <p>Adds a nested component to the component.</p>
+
+ <p>Nested components can be used to represent a hierarchy of
+ components into sub-components and so on.</p>
+
+ <p>Components can be added as full elements or via
+ the <code>refid</code> attribute as references to components
+ defined elsewhere in the build file. Ant verifies this doesn't
+ cause a circular dependency between a component and one higher
+ up in the hierarchy.</p>
+
+ <h3>Examples</h3>
+
+ <p>Below is a component that could describe this Antlib.</p>
+
+ <pre>
+ <cdx:component
+ name="ant"
+ group="org.apache.ant"
+ version="1.10.17"
+ isExternal="true"
+ unknownDependencies="true"
+ id="ant"
+ xmlns:cdx="antlib:org.apache.ant.cyclonedx">
+ <manufacturer refid="ant-team"/>
+ <license refid="apache-2"/>
+ <externalReference
+ type="VCS"
+ url="https://github.com/apache/ant"/>
+ <externalReference
+ type="WEBSITE"
+ url="https://ant.apache.org/"/>
+ </cdx:component>
+ <cdx:component
+ name="ant-cyclonedx"
+ group="org.apache.ant"
+ version="0.1"
+ description="Apache CycloneDX Antlib"
+ publisher="The Apache Software Foundation"
+ manufacturerIsSupplier="true"
+ xmlns:cdx="antlib:org.apache.ant.cyclonedx">
+ <file file="ant-antlibs-cyclonedx-0.1.jar"/>
+ <manufacturer refid="ant-team"/>
+ <license refid="apache-2"/>
+ <externalReferenceSet refid="antlib-ext-refs"/>
+ <dependency componentRef="ant"/>
+ <dependency
bomRef="pkg:maven/org.cyclonedx/[email protected]?type=jar"/>
+ </cdx:component>
+ </pre>
+ </body>
+</html>
Added: ant/site/ant/production/antlibs/cyclonedx/manual/componentbom.html
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ ant/site/ant/production/antlibs/cyclonedx/manual/componentbom.html Sun May
17 08:41:11 2026 (r1934284)
@@ -0,0 +1,193 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ https://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<html>
+ <head>
+ <meta http-equiv="Content-Language" content="en-us"></meta>
+ <link rel="stylesheet" type="text/css" href="style.css">
+ <title>Apache CycloneDX Ant Library - componentbom Task</title>
+ </head>
+
+ <body>
+ <h2 id="componentbom">componentbom Task</h2>
+
+ <p>The <code>compomentbom</code> task creates CycloneDX SBOMs for
+ a component ind the formats supported by
+ the <a href="https://github.com/CycloneDX/cyclonedx-core-java";>CycloneDX
+ Core (Java)</a> library.</p>
+
+ <p>As a minimum a single nested <code>component</code> element is
+ required that specifies the component to create an SBOM
+ for.</p>
+
+ <p>Components that get "resolved" because they specify
+ an <code>sbomLink</code> can add more components to the SBOM than
+ are specified explicitly via the child elements of this
+ task.</p>
+
+ <p>It is an error if any component specifies a dependency on a
+ component that is not part of the generated SBOM.</p>
+
+ <h3>Attributes</h3>
+
+ <table class="attr">
+ <tr>
+ <th scope="col">Attribute</th>
+ <th scope="col">Description</th>
+ <th scope="col">Required</th>
+ </tr>
+ <tr>
+ <td>specVersion</td>
+ <td>Version of the CycloneDX specification for the generated
+ SBOM. This can be specified as number (like "1.6") or one of
+ the enum constants of the <code>org.cyclonedx.Version</code>
+ type (i.e. like "VERSION_16").<br/>
+ The supported values depend on the CycloneDX Core (Java)
+ library version used.
+ </td>
+ <td>No, defaults to "1.6" in the current version of the Ant
+ library but this may change in future versions.</td>
+ </tr>
+ <tr>
+ <td>format</td>
+ <td>The format of the SBOM(s) to write. May be "json", "xml"
+ (or rather the enum constants of
+ the <code>org.cyclonedx.Format</code> type and their file
+ extensions) or the special value "all". <br/>
+ For spec version 1.2 and later "all" means both "json" and
+ "xml" (so the task will create two files), for "1.0" and
+ "1.1" it is equivalent to "xml".<br/>
+ The supported values depend on the CycloneDX Core (Java)
+ library version used.
+ </td>
+ <td>No, defaults to "json".</td>
+ </tr>
+ <tr>
+ <td>bomName</td>
+ <td>The base name of the generated SBOM file. The full file
+ name will be <em>bomName</em>.<em>format</em>.</td>
+ <td>No, defaults to "bom".</td>
+ </tr>
+ <tr>
+ <td>outputDirectory</td>
+ <td>Sets the directory where the SBOM file(s) will be written
+ to. Relative paths are relative to the project's base
+ directory</td>
+ <td>No, defaults to the project's <code>basedir</code>.</td>
+ </tr>
+ <tr>
+ <td>useComponentSupplier</td>
+ <td>If set to <code>true</code> the supplier of the SBOM's
+ main component will be used for the SBOM itself.<br/>
+ If this is <code>true</code> the main component must specify
+ a supplier. Also you must not use a
+ nested <code>supplier</code> child for this task if this is
+ <code>true</code>.</td>
+ <td>No, defaults to <code>false</code>.</td>
+ </tr>
+ </table>
+
+ <h3>Nested elements</h3>
+
+ <h4>component</h4>
+
+ <p>Exactly one <code>component</code> child element is
+ required - this is the component the SBOM is about.</p>
+
+ <p>The structure is the same as of
+ the <a href="component.html">component</a>
+ type. The <code>scope</code> attribute is prohibited for this
+ child element and <code>isExternal</code> must not
+ be <code>true</code>.</p>
+
+ <h4 id="manufacturer">manufacturer</h4>
+
+ <p>At most one nested <a href="organization.html">organization</a>
+ specifies the manufacturer of the SBOM.</p>
+
+ <h4 id="supplier">supplier</h4>
+
+ <p>At most one nested <a href="organization.html">organization</a>
+ specifies the supplier of the SBOM.</p>
+
+ <p>This is prohibited if the <code>useComponentSupplier</code>
+ attribute is set to <code>true</code>.</p>
+
+ <h4>license</h4>
+
+ <p>A nested <a href="license.html">license</a> specifies the
+ license information of the SBOM.</p>
+
+ <h4>additionalComponent</h4>
+
+ <p><code>additionalComponent</code> child elements
+ specify <a href="component.html">component</a>s that are part of
+ the SBOM but not the main entity. They are required for
+ (transitive) dependencies of the main component but may also be
+ present for different reasons.</p>
+
+ <h4>pureFileComponents</h4>
+
+ <p><code>pureFileComponents</code> is a container for arbitrary
+ resources or resource collections. Only file-system resources
+ are allowed.</p>
+
+ <p>Each file contained in the nested children will be added as
+ component of type <code>file</code> to the SBOM. The name will
+ be the (relative) file name and hashes are calculated.</p>
+
+ <p>This is useful when describing the contents of a tarball for
+ example.</p>
+
+
+ <h3>Examples</h3>
+
+ <p>The following task could be used to create the SBOM of the
+ source tarball of this Ant library:</p>
+
+ <pre>
+ <cdx:componentbom
+ bomName="ant-cyclonedx-${artifact.version}-src.tar-cyclonedx"
+ outputdirectory="${output}"
+ format="all"
+ useComponentSupplier="true"
+ xmlns:cdx="antlib:org.apache.ant.cyclonedx">
+ <component
+ name="ant-cyclonedx-src.tar"
+ version="${artifact.version}"
+ description="Apache CycloneDX Antlib Source Distribution"
+ publisher="The Apache Software Foundation"
+ type="FILE"
+ manufacturerIsSupplier="true">
+ <manufacturer refid="ant-team"/>
+ <license refid="apache-2"/>
+ <externalReferenceSet refid="antlib-ext-refs"/>
+ </component>
+ <pureFileComponents>
+ <fileset dir="../../..">
+ <exclude name="build/"/>
+ <exclude name="docs/style.css"/>
+ <exclude name="ivy/"/>
+ <exclude name="lib/"/>
+ <exclude name="target/"/>
+ <exclude name="examples/"/>
+ </fileset>
+ </pureFileComponents>
+ <license refid="apache-2"/>
+ </cdx:componentbom>
+ </pre>
+ </body>
+</html>
Added:
ant/site/ant/production/antlibs/cyclonedx/manual/externalreferenceset.html
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ ant/site/ant/production/antlibs/cyclonedx/manual/externalreferenceset.html
Sun May 17 08:41:11 2026 (r1934284)
@@ -0,0 +1,103 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ https://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<html>
+ <head>
+ <meta http-equiv="Content-Language" content="en-us"></meta>
+ <link rel="stylesheet" type="text/css" href="style.css">
+ <title>Apache CycloneDX Ant Library - externalreferenceset</title>
+ </head>
+
+ <body>
+ <h2 id="externalreferenceset">externalreferenceset</h2>
+
+ <p>externalreferencesets are collections of external references
+ (typed links) that can be associated to a component or an
+ SBOM. They can be used as top-level elements and be given an id
+ so they can be later referred to via the <code>refid</code>
+ attribute -
+ see <a href="https://ant.apache.org/manual/using.html#references";>the
+ Ant manual</a>.</p>
+
+ <p>Apart from Ant's <code>id/refid</code> this element doesn't
+ support any attributes.</p>
+
+ <h3>Nested elements</h3>
+
+ <h4 id="externalReference">externalReference</h4>
+
+ <p>Represents a single external reference to be added to the
+ BOM.</p>
+
+ <table class="attr">
+ <tr>
+ <th scope="col">Attribute</th>
+ <th scope="col">Description</th>
+ <th scope="col">Required</th>
+ </tr>
+ <tr>
+ <td>type</td>
+ <td>The type of external references. The valid values are
+ defined by the CycloneDX specification.</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>url</td>
+ <td>The url of the external reference.</td>
+ <td>Yes</td>
+ </tr>
+ </table>
+
+ <h3>Examples</h3>
+
+ <p>Below is a set of external references this Ant Library could
+ use for itself.</p>
+
+ <pre>
+ <cdx:externalreferenceset
+ id="antlib-ext-refs"
+ xmlns:cdx="antlib:org.apache.ant.cyclonedx">
+ <externalReference
+ type="vcs"
+ url="https://github.com/apache/ant-antlibs-cyclonedx"/>
+ <externalReference
+ type="license"
+ url="https://www.apache.org/licenses/LICENSE-2.0.txt"/>
+ <externalReference
+ type="build-system"
+
url="https://ci-builds.apache.org/job/Ant/job/CycloneDX%20Antlib/"/>
+ <externalReference
+ type="mailing-list"
+ url="https://ant.apache.org/mail.html"/>
+ <externalReference
+ type="issue-tracker"
+
url="https://bz.apache.org/bugzilla/buglist.cgi?component=CycloneDX%20Antlib&product=Ant"/>
+ <externalReference
+ type="website"
+ url="https://ant.apache.org/antlibs/cyclonedx/"/>
+ <externalReference
+ type="distribution"
+ url="https://ant.apache.org/antlibs/bindownload.cgi"/>
+ <externalReference
+ type="source-distribution"
+ url="https://ant.apache.org/antlibs/srcdownload.cgi"/>
+ <externalReference
+ type="security-contact"
+ url="https://www.apache.org/security/"/>
+ </cdx:externalreferenceset>
+ </pre>
+
+ </body>
Added: ant/site/ant/production/antlibs/cyclonedx/manual/index.html
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ ant/site/ant/production/antlibs/cyclonedx/manual/index.html Sun May 17
08:41:11 2026 (r1934284)
@@ -0,0 +1,99 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ https://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<html>
+ <head>
+ <meta http-equiv="Content-Language" content="en-us"></meta>
+ <link rel="stylesheet" type="text/css" href="style.css">
+ <title>Apache CycloneDX Ant Library - 0.1alpha</title>
+ </head>
+
+ <body>
+ <h2>Introduction</h2>
+
+ <p>This Ant library provides Ant types and a task to
+ create <a href="https://cyclonedx.org/";>CycloneDX</a> SBOMs.</p>
+
+ <p>The library is meant to be used for projects that manage their
+ dependencies manually (or haven't got any dependencies at
+ all). For projects
+ using <a href="https://ant.apache.org/ivy/";>Apache Ivy</a> we
+ plan to create a separate Ant Library leveraging automatic
+ dependency management.</p>
+
+ <p>At the same time this Ant library is not restricted to
+ providing SBOMs for jar modules you publish. It is supposed to be
+ generic enough to provide SBOMs for distribution tarballs,
+ executables or generic components.</p>
+
+ <p>Technically it provides a pretty thin layer on top
+ of <a href="https://github.com/CycloneDX/cyclonedx-core-java";>CycloneDX
+ Core (Java)</a> and can only provide what the libary itself
+ supports. For example this means the task doesn't support
+ CycloneDX 1.7, yet, as the underlying library doesn't.</p>
+
+ <p>Right now only a subset of things that can be expressed by a
+ CycloneDX SBOM is possible to create with the Ant task of this
+ library. The main focus has been to support what the Ant project
+ needs for its own releases - but contributions beyond that are
+ certainly welcome.</p>
+
+ <p>This manual follows the CycloneDX terminology closely, as do
+ the task and types. It can not serve as an introduction to
+ SBOMs, in particular as the authors understanding of the topic
+ may be limited or even wrong.</p>
+
+ <h2>Tasks and Types provided by this Ant Library</h2>
+
+ <p>The main entry point to this library is
+ the <a href="componentbom.html">componentbom</a> task that
+ creates CycloneDX SBOMs for a single component. The Ant types
+ provided by this library are mainly there as stand-alone types
+ so they can be reused if you need things in more than one SBOM -
+ because you are publishing multiple components or package them
+ in multiple artifacts for example.</p>
+
+ <p>The types provided by the library are:</p>
+ <ul>
+ <li><a href="component.html">component</a></li>
+ <li><a href="externalreferenceset.html">externalreferenceset</a></li>
+ <li><a href="license.html">license</a></li>
+ <li><a href="organization.html">organization</a></li>
+ </ul>
+
+ <h2>Requirements and Dependencies of this Ant Library</h2>
+
+ <p>This Ant Library requires Java 8 at a minimum to build and at
+ runtime. It is meant to be compatible with Ant 1.10.x but there
+ is no guarantee it will work with any version prior to
+ 1.10.17.</p>
+
+ <p>The only direct dependency
+ is <a href="https://github.com/CycloneDX/cyclonedx-core-java";>CycloneDX
+ Core (Java)</a> but this in turn transitively depends on
+ commons-io, commons-lang3, commons-collections4 and
+ commons-codec of
+ the <a href="https://commons.apache.org/";>Apache Commons</a>
+ project as well
+ as <a href="https://github.com/package-url/packageurl-java";>Package
+ URL (purl) for Java</a>. It also depends
+ on <a href="https://github.com/FasterXML/jackson";>Jackson</a>
+ and <a href="https://github.com/FasterXML/woodstox/";>woodstox</a>
+ when writing the BOM. It may be possible to avoid the woodstox
+ dependency if you only create the JSON format of the SBOM.</p>
+
+ </body>
+</html>
Added: ant/site/ant/production/antlibs/cyclonedx/manual/license.html
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ ant/site/ant/production/antlibs/cyclonedx/manual/license.html Sun May
17 08:41:11 2026 (r1934284)
@@ -0,0 +1,76 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ https://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<html>
+ <head>
+ <meta http-equiv="Content-Language" content="en-us"></meta>
+ <link rel="stylesheet" type="text/css" href="style.css">
+ <title>Apache CycloneDX Ant Library - license</title>
+ </head>
+
+ <body>
+ <h2 id="license">license</h2>
+
+ <p>licenses can be attached to components in CycloneDX SBOMs. The
+ license elements can be used as top-level elements and be given
+ an id so they can be later referred to via
+ the <code>refid</code> attribute -
+ see <a href="https://ant.apache.org/manual/using.html#references";>the
+ Ant manual</a>.</p>
+
+ <h3>Attributes</h3>
+
+ <table class="attr">
+ <tr>
+ <th scope="col">Attribute</th>
+ <th scope="col">Description</th>
+ <th scope="col">Required</th>
+ </tr>
+ <tr>
+ <td>licenseId</td>
+ <td>The id of the license. Must be a
+ valid <a href="https://spdx.org/licenses/";>SPDX
+ identifier</a>.</td>
+ <td rowspan="2">One of the two is required</td>
+ </tr>
+ <tr>
+ <td>name</td>
+ <td>The name of the license.</td>
+ </tr>
+ </table>
+
+ <h3>Nested elements</h3>
+
+ <h4>url</h4>
+
+ <p>At most one
+ nested <a
href="https://ant.apache.org/manual/Types/resources.html#url";>url-resource</a>
+ named <code>url</code> can be used to specify the URL of the license.</p>
+
+ <h3>Examples</h3>
+
+ <p>Below is a license referencing the license of this Antlib itself.</p>
+
+ <pre>
+ <cdx:license
+ licenseId="Apache-2.0"
+ id="apache-2"
+ xmlns:cdx="antlib:org.apache.ant.cyclonedx">
+ <url url="https://www.apache.org/licenses/LICENSE-2.0.txt"/>
+ </cdx:license>
+ </pre>
+
+ </body>
Added: ant/site/ant/production/antlibs/cyclonedx/manual/organization.html
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ ant/site/ant/production/antlibs/cyclonedx/manual/organization.html Sun May
17 08:41:11 2026 (r1934284)
@@ -0,0 +1,73 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ https://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<html>
+ <head>
+ <meta http-equiv="Content-Language" content="en-us"></meta>
+ <link rel="stylesheet" type="text/css" href="style.css">
+ <title>Apache CycloneDX Ant Library - organization</title>
+ </head>
+
+ <body>
+ <h2 id="organization">organization</h2>
+
+ <p>Organizations can be attached to components as well as the SBOM
+ itself using several roles (manufacturer, supplier, ...)
+ in CycloneDX SBOMs.</p>
+
+ <p>The organization elements can be used as top-level elements and
+ be given an id so they can be later referred to via
+ the <code>refid</code> attribute -
+ see <a href="https://ant.apache.org/manual/using.html#references";>the
+ Ant manual</a>.</p>
+
+ <h3>Attributes</h3>
+
+ <table class="attr">
+ <tr>
+ <th scope="col">Attribute</th>
+ <th scope="col">Description</th>
+ <th scope="col">Required</th>
+ </tr>
+ <tr>
+ <td>name</td>
+ <td>The name of the organization.</td>
+ <td>No</td>
+ </tr>
+ </table>
+
+ <h3>Nested elements</h3>
+
+ <h4>url</h4>
+
+ <p>Nested <a
href="https://ant.apache.org/manual/Types/resources.html#url";>url-resource</a>s
+ named <code>url</code> can be used to specify the URL(s) of the
+ organization.</p>
+
+ <h3>Examples</h3>
+
+ <p>Below is an organization that would describe the Ant dev team.</p>
+
+ <pre>
+ <cdx:organization
+ name="Apache Ant Development Team"
+ id="ant-team"
+ xmlns:cdx="antlib:org.apache.ant.cyclonedx">
+ <url url="https://ant.apache.org/"/>
+ </cdx:organization>
+ </pre>
+
+ </body>
Added: ant/site/ant/production/antlibs/cyclonedx/manual/style.css
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ ant/site/ant/production/antlibs/cyclonedx/manual/style.css Sun May 17
08:41:11 2026 (r1934284)
@@ -0,0 +1,63 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+h2 {
+ font-size: 200%;
+ background-color: ffffff;
+}
+
+h3 {
+ font-size: 130%;
+ color: #ffffff;
+ background-color: #525D76;
+}
+
+h4 {
+ color: #ffffff;
+ background-color: #828DA6;
+}
+
+td {
+ background-color: eeeeee;
+ color: 000000;
+}
+
+ /* first row */
+table tr:first-child td {
+ background-color: cccccc;
+ color: 000000;
+}
+
+ /* or th as first row */
+table th {
+ background-color: cccccc;
+ color: 000000;
+}
+
+pre {
+ background-color: efefef;
+}
+
+.copyright {
+ font-family: arial,helvetica,sanserif;
+ font-size: 90%;
+ clear: both;
+ text-align: center;
+ margin: 0px;
+ border-top: thin solid #4C6C8F;
+}
Modified: ant/site/ant/sources/antlibs/cyclonedx/index.xml
==============================================================================
--- ant/site/ant/sources/antlibs/cyclonedx/index.xml Sun May 17 08:30:25
2026 (r1934283)
+++ ant/site/ant/sources/antlibs/cyclonedx/index.xml Sun May 17 08:41:11
2026 (r1934284)
@@ -32,6 +32,10 @@
href="https://ant.apache.org/ivy/";>Apache Ivy</a> is
planned.</p>
</section>
+
+ <section name="Current Manual">
+ <p>The pre-release manual can be found <a href="manual/">here</a>.</p>
+ </section>
</body>
</document>
