Hi all the Apache tooling project is working on something that is called "Apache Trusted Releases" which seems to require CycloneDX SBOMs to use the .cdx.json as extension[1]. The prior art of the Maven and Gradle plugins may force them to reconsider but I've started to change things so we use the convention in the future. Jaikiran has questioned the file names already and the spec seems to say "use .cdx.json"[2]
Stefan [1] https://github.com/apache/tooling-trusted-releases/issues/1332 [2] https://cyclonedx.org/specification/overview/#recognized-file-patterns --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
