Hello,

Essentially it is enough to run a Maven install.

mvn install -DskipTests -Psbom

The aggregate SBOM will be in the target folder at root level.

We could tune it and find a way to automatize this, for example through a
gh action.



On Thu, Jan 19, 2023 at 12:43 Claus Ibsen <claus.ib...@gmail.com>
wrote:

> Hi Andrea
>
> How do you generate the sbom file? What command do you run from the root
> folder of Camel source code?
> And should we have this documented somewhere?
>
> On Thu, Jan 19, 2023 at 11:42 AM Andrea Cosentino <anco...@gmail.com>
> wrote:
>
> > Hello,
> >
> > Moving to Camel 4.x I think it's time to have a look at SBOM generation and
> > so on.
> >
> > I added a profile named sbom to the root POM.
> >
> > It will generate two files in the target folder camel-sbom.json and
> > camel-sbom.xml.
> >
> > For the moment I choose to copy them in camel-sbom folder manually, so we
> > can do the generation time-based (like once a week or something like that).
> >
> > These SBOM files could be used to check if we are healthy or not in terms of
> > dependencies used.
> >
> > I think we should try to use this kind of information as standard, there
> > are multiple tools we could use to leverage the SBOM generation.
> >
> > For any questions let's discuss here :-)
> >
> > Thanks.
> >
>
>
> --
> Claus Ibsen
> -----------------
> @davsclaus
> Camel in Action 2: https://www.manning.com/ibsen2
>
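
One possible check on the periodic snapshots discussed in this thread, added here as an example and not part of the Camel project or the original messages: it compares two generations of camel-sbom.json and reports dependencies that were added, removed, changed version, or are listed in more than one version. It assumes the file is CycloneDX-style JSON with a top-level `components` array (the thread does not name the format); the sample data and function names are constructed.

```python
import json

# Constructed sample snapshots, shaped like CycloneDX JSON (assumed format).
LAST_WEEK = json.dumps({"bomFormat": "CycloneDX", "components": [
    {"group": "org.example", "name": "lib-a", "version": "1.0.0"},
    {"group": "org.example", "name": "lib-b", "version": "2.1.0"},
    {"group": "org.example", "name": "lib-c", "version": "0.9.0"},
]})
THIS_WEEK = json.dumps({"bomFormat": "CycloneDX", "components": [
    {"group": "org.example", "name": "lib-a", "version": "1.0.1"},
    {"group": "org.example", "name": "lib-b", "version": "2.1.0"},
    {"group": "org.example", "name": "lib-b", "version": "2.0.0"},
    {"group": "org.example", "name": "lib-d", "version": "3.0.0"},
]})


def load_components(sbom_text):
    """Map 'group:name' -> set of versions listed in the SBOM."""
    doc = json.loads(sbom_text)
    found = {}
    for comp in doc.get("components", []):
        name = comp.get("name")
        if not name:
            continue  # skip malformed entries rather than crash
        key = f"{comp.get('group', '')}:{name}"
        found.setdefault(key, set()).add(comp.get("version", "unknown"))
    return found


def compare(old_text, new_text):
    """Summarise dependency drift between two SBOM snapshots."""
    old, new = load_components(old_text), load_components(new_text)
    return {
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
        # Same coordinate in both snapshots, but a different version set.
        "changed": {k: (sorted(old[k]), sorted(new[k]))
                    for k in sorted(old.keys() & new.keys()) if old[k] != new[k]},
        # Coordinates shipped in more than one version in the new snapshot.
        "multi_version": sorted(k for k, v in new.items() if len(v) > 1),
    }


if __name__ == "__main__":
    print(json.dumps(compare(LAST_WEEK, THIS_WEEK), indent=2))
```

To run it against real output, pass the text of the previous and the newly generated camel-sbom.json to `compare` instead of the constructed samples.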
