This is an automated email from the ASF dual-hosted git repository. juanpablo pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/jspwiki.git
commit 203ab122d240a65499b669ed51339a3e526defcb Author: Juan Pablo Santos RodrÃguez <juanpablo.san...@gmail.com> AuthorDate: Tue Apr 9 15:44:08 2024 +0200 publish SBOMs --- pom.xml | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/pom.xml b/pom.xml index b5909c18b..6899f2ffa 100644 --- a/pom.xml +++ b/pom.xml @@ -107,6 +107,7 @@ <plugin.cargo.version>1.10.11</plugin.cargo.version> <plugin.clirr.version>2.8</plugin.clirr.version> <plugin.cobertura.version>2.7</plugin.cobertura.version> + <plugin.cyclonedx.version>2.8.0</plugin.cyclonedx.version> <plugin.sonar.version>3.10.0.2594</plugin.sonar.version> <plugin.sonar-report.version>0.1</plugin.sonar-report.version> <plugin.eclipse-lifecycle-mapping.version>1.0.0</plugin.eclipse-lifecycle-mapping.version> @@ -478,6 +479,29 @@ <groupId>net.nicoulaj.maven.plugins</groupId> <artifactId>checksum-maven-plugin</artifactId> </plugin> + + <plugin> + <groupId>org.cyclonedx</groupId> + <artifactId>cyclonedx-maven-plugin</artifactId> + <executions> + <execution> + <id>generate-sbom</id> + <goals> + <goal>makeAggregateBom</goal> + </goals> + <phase>package</phase> + <configuration> + <externalReferences> + <externalReference> + <type>vulnerability-assertion</type> + <url>https://jspwiki.apache.org/cyclonedx/vdr.xml</url> + </externalReference> + </externalReferences> + <outputFormat>xml</outputFormat> + </configuration> + </execution> + </executions> + </plugin> </plugins> <pluginManagement> <!-- defines what configuration is going to be used if, and only if, the plugin is used --> @@ -825,6 +849,12 @@ </configuration> </plugin> + <plugin> + <groupId>org.cyclonedx</groupId> + <artifactId>cyclonedx-maven-plugin</artifactId> + <version>${plugin.cyclonedx.version}</version> + </plugin> + <plugin> <groupId>org.sonarsource.scanner.maven</groupId> <artifactId>sonar-maven-plugin</artifactId>