Well, in PLC4X the plugin generates an XML version of the SBOM.
We’re using this plugin:
https://github.com/CycloneDX/cyclonedx-maven-plugin
Chris
From: Xiangdong Huang
Date: Saturday, 15 July 2023 at 07:58
To: dev@iotdb.apache.org
Subject: Re: [DISCUSS] Adding the generation of sboms to our build?
Hi Chris,
Looking forward to it! SBOM has also received a lot of attention in China.
Which kind of format/standard will it obey?
Best,
---
Xiangdong Huang
Christofer Dutz wrote on Friday, 14 July 2023 at 21:28:
>
> Hi all,
>
> here in Europe we’re currently preparing for quite a bit of an earthquake
> caused by the Cyber-Resiliency-Act. In some projects I’m involved in (mainly
> PLC4X) I’ve started initiating small changes which could make us come out
> without too many problems.
>
> One thing that seems to be coming up in both the EU as well as the US acts
> is the requirement to publish SBOM information (Software Bill Of Material).
> As we are also using Maven as a build tool, I’ve got a configuration in our
> poms that ensures an Apache release also produces an SBOM, that we will be
> able to deploy.
>
> Are we interested in adding that to the IoTDB build?
>
> Chris