Re: [DISCUSS] Adding the generation of sboms to our build?

2023-08-01 Thread Xiangdong Huang
+1 for moving to the master branch.

---
Xiangdong Huang
School of Software, Tsinghua University

Christofer Dutz wrote on Tuesday, August 1, 2023 at 22:00:
>
> I added the config to my pr here:
> https://github.com/apache/iotdb/pull/10742/commits/c4f4d2e874fd7c1ae4332062e29770925dce7024
>
> Chris
>
>
> From: Xiangdong Huang
> Date: Saturday, 29 July 2023 at 08:48
> To: dev@iotdb.apache.org
> Subject: Re: [DISCUSS] Adding the generation of sboms to our build?
> Cool, CycloneDX is famous. Looking forward to it!
> ---
> Xiangdong Huang
>
>
> Christofer Dutz wrote on Saturday, July 15, 2023 at 22:59:
> >
> > Well in PLC4X the plugin generates an XML version of the SBOM.
> > We’re using this plugin:
> > https://github.com/CycloneDX/cyclonedx-maven-plugin
> >
> > Chris
> >
> > From: Xiangdong Huang
> > Date: Saturday, 15 July 2023 at 07:58
> > To: dev@iotdb.apache.org
> > Subject: Re: [DISCUSS] Adding the generation of sboms to our build?
> > Hi Chris,
> >
> > Looking forward to it! SBOM has also received a lot of attention in China.
> > Which kind of format/standard will it obey?
> >
> > Best,
> > ---
> > Xiangdong Huang
> >
> > Christofer Dutz wrote on Friday, July 14, 2023 at 21:28:
> > >
> > > Hi all,
> > >
> > > here in Europe we’re currently preparing for quite a bit of an earthquake 
> > > caused by the Cyber-Resiliency-Act. In some projects I’m involved in 
> > > (Mainly PLC4X) I’ve started initiating small changes which could make us 
> > > come out without too many problems.
> > >
> > > One thing that seems to be coming up in both the EU as well as the US
> > > acts is the requirement to publish SBOM information (Software Bill Of
> > > Material). As we are also using Maven as a build tool, I’ve got a 
> > > configuration in our poms that ensures an Apache release also produces an 
> > > SBOM, that we will be able to deploy.
> > >
> > > Are we interested in adding that to the IoTDB build?
> > >
> > > Chris


Re: [DISCUSS] Adding the generation of sboms to our build?

2023-07-29 Thread Xiangdong Huang
Cool, CycloneDX is famous. Looking forward to it!
---
Xiangdong Huang


Christofer Dutz wrote on Saturday, July 15, 2023 at 22:59:
>
> Well in PLC4X the plugin generates an XML version of the SBOM.
> We’re using this plugin:
> https://github.com/CycloneDX/cyclonedx-maven-plugin
>
> Chris
>
> From: Xiangdong Huang
> Date: Saturday, 15 July 2023 at 07:58
> To: dev@iotdb.apache.org
> Subject: Re: [DISCUSS] Adding the generation of sboms to our build?
> Hi Chris,
>
> Looking forward to it! SBOM has also received a lot of attention in China.
> Which kind of format/standard will it obey?
>
> Best,
> ---
> Xiangdong Huang
>
> Christofer Dutz wrote on Friday, July 14, 2023 at 21:28:
> >
> > Hi all,
> >
> > here in Europe we’re currently preparing for quite a bit of an earthquake 
> > caused by the Cyber-Resiliency-Act. In some projects I’m involved in 
> > (Mainly PLC4X) I’ve started initiating small changes which could make us 
> > come out without too many problems.
> >
> > One thing that seems to be coming up in both the EU as well as the US acts
> > is the requirement to publish SBOM information (Software Bill Of
> > Material). As we are also using Maven as a build tool, I’ve got a 
> > configuration in our poms that ensures an Apache release also produces an 
> > SBOM, that we will be able to deploy.
> >
> > Are we interested in adding that to the IoTDB build?
> >
> > Chris


Re: [DISCUSS] Adding the generation of sboms to our build?

2023-07-14 Thread Xiangdong Huang
Hi Chris,

Looking forward to it! SBOM has also received a lot of attention in China.
Which kind of format/standard will it obey?

Best,
---
Xiangdong Huang

Christofer Dutz wrote on Friday, July 14, 2023 at 21:28:
>
> Hi all,
>
> here in Europe we’re currently preparing for quite a bit of an earthquake 
> caused by the Cyber-Resiliency-Act. In some projects I’m involved in (Mainly 
> PLC4X) I’ve started initiating small changes which could make us come out 
> without too many problems.
>
> One thing that seems to be coming up in both the EU as well as the US acts
> is the requirement to publish SBOM information (Software Bill Of Material).
> As we are also using Maven as a build tool, I’ve got a configuration in our 
> poms that ensures an Apache release also produces an SBOM, that we will be 
> able to deploy.
>
> Are we interested in adding that to the IoTDB build?
>
> Chris