
juanpablo pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/jspwiki.git

commit 203ab122d240a65499b669ed51339a3e526defcb
Author: Juan Pablo Santos Rodríguez <juanpablo.san...@gmail.com>
AuthorDate: Tue Apr 9 15:44:08 2024 +0200

    publish SBOMs
---
 pom.xml | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/pom.xml b/pom.xml
index b5909c18b..6899f2ffa 100644
--- a/pom.xml
+++ b/pom.xml
@@ -107,6 +107,7 @@
     <plugin.cargo.version>1.10.11</plugin.cargo.version>
     <plugin.clirr.version>2.8</plugin.clirr.version>
     <plugin.cobertura.version>2.7</plugin.cobertura.version>
+    <plugin.cyclonedx.version>2.8.0</plugin.cyclonedx.version>
     <plugin.sonar.version>3.10.0.2594</plugin.sonar.version>
     <plugin.sonar-report.version>0.1</plugin.sonar-report.version>
     
<plugin.eclipse-lifecycle-mapping.version>1.0.0</plugin.eclipse-lifecycle-mapping.version>
@@ -478,6 +479,29 @@
         <groupId>net.nicoulaj.maven.plugins</groupId>
         <artifactId>checksum-maven-plugin</artifactId>
       </plugin>
+
+      <plugin>
+        <groupId>org.cyclonedx</groupId>
+        <artifactId>cyclonedx-maven-plugin</artifactId>
+        <executions>
+          <execution>
+            <id>generate-sbom</id>
+            <goals>
+              <goal>makeAggregateBom</goal>
+            </goals>
+            <phase>package</phase>
+            <configuration>
+              <externalReferences>
+                <externalReference>
+                  <type>vulnerability-assertion</type>
+                  <url>https://jspwiki.apache.org/cyclonedx/vdr.xml</url>
+                </externalReference>
+              </externalReferences>
+              <outputFormat>xml</outputFormat>
+            </configuration>
+          </execution>
+        </executions>
+      </plugin>
     </plugins>
 
     <pluginManagement> <!-- defines what configuration is going to be used if, 
and only if, the plugin is used                          -->
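Review bot: The `vulnerability-assertion` reference at `https://jspwiki.apache.org/cyclonedx/vdr.xml` is a fixed URL baked into every SBOM this execution emits, and nothing in the commit shows that a VDR is published there or that it is tied to a particular release; consumers follow that link to learn whether the CVEs of listed components actually affect JSPWiki, so a missing or release-agnostic document silently weakens the assurance the SBOM is meant to give. Consider versioning the reference, e.g. `<url>https://jspwiki.apache.org/cyclonedx/${project.version}/vdr.xml</url>`, or at least add a comment above `<externalReferences>` such as `<!-- VDR is published by the release process; keep it in sync with every release -->`. Separately, `<outputFormat>xml</outputFormat>` produces only an XML BOM, while many scanners and SBOM consumers expect JSON, so `<outputFormat>all</outputFormat>` would publish both formats from the same execution. Because this is the parent pom's `<plugins>` section the execution is inherited by every module; I believe `makeAggregateBom` only runs at the reactor root, but that is worth confirming so each child module does not attach its own aggregate BOM.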
@@ -825,6 +849,12 @@
           </configuration>
         </plugin>
 
+        <plugin>
+          <groupId>org.cyclonedx</groupId>
+          <artifactId>cyclonedx-maven-plugin</artifactId>
+          <version>${plugin.cyclonedx.version}</version>
+        </plugin>
+
         <plugin>
           <groupId>org.sonarsource.scanner.maven</groupId>
           <artifactId>sonar-maven-plugin</artifactId>
