[jira] [Commented] (CAMEL-18951) Introducing SBOM generation
[ https://issues.apache.org/jira/browse/CAMEL-18951?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17762605#comment-17762605 ]

Colm O hEigeartaigh commented on CAMEL-18951:
----------------------------------------------

Alright thanks!

> Introducing SBOM generation
> ---------------------------
>
>                 Key: CAMEL-18951
>                 URL: https://issues.apache.org/jira/browse/CAMEL-18951
>             Project: Camel
>          Issue Type: Improvement
>          Components: build system
>            Reporter: Andrea Cosentino
>            Assignee: Andrea Cosentino
>            Priority: Major
>             Fix For: 4.0-M1, 4.0.0
>
>
> We could use some of the Maven plugins out there:
> https://github.com/CycloneDX/cyclonedx-maven-plugin
> To me this one is really complete.
> For the beginning I will use a profile without adding the generated SBOM to
> the assembly (I don't know how big it will be), but I do believe it would be
> really helpful and I would like to add it as standard information with each
> release

--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (CAMEL-18951) Introducing SBOM generation
[ https://issues.apache.org/jira/browse/CAMEL-18951?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17762603#comment-17762603 ]

Andrea Cosentino commented on CAMEL-18951:
------------------------------------------

At this stage, we are still not releasing it, but I'm planning to add it to the release profile.

For the moment you have the current SBOM snapshot here: https://github.com/apache/camel/tree/main/camel-sbom

We are auto-generating it once a week on Sunday.

The idea, now, is to add the SBOM to the release as other projects are starting to do. I have already done that in camel-kamelets, for example: https://github.com/apache/camel-kamelets/pull/1631

[jira] [Commented] (CAMEL-18951) Introducing SBOM generation
[ https://issues.apache.org/jira/browse/CAMEL-18951?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17762602#comment-17762602 ]

Colm O hEigeartaigh commented on CAMEL-18951:
----------------------------------------------

[~acosentino] Is this generated SBOM available somewhere in Maven Central? For example I added it for Santuario recently [https://repo1.maven.org/maven2/org/apache/santuario/xmlsec/4.0.0-M1/]