Thanks for that.


On Thu, 19 Jan 2023 at 18:22, Christofer Dutz <christofer.d...@c-ware.de> wrote:

> Thanks for this … instantly tried it out for PLC4X :-)
>
> You might want to add an “<inherited>false</inherited>” if you want it
> only executed in the reactor root for the entire project.
> If you run it for every module, it does make the build take a LOT longer
> ;-)
>
> Chris
>
> From: Andrea Cosentino <anco...@gmail.com>
> Date: Thursday, 19. January 2023 at 12:53
> To: dev <dev@camel.apache.org>
> Subject: Re: [HEADS-UP] SBOM Generation
> Yes, it's not harming, just a problem with bundle. We can tweak and exclude
> it if needed.
>
> There is even trouble with the Atlassian repository.
>
> But the generation will complete correctly.
>
> On Thu, 19 Jan 2023, 12:51 Claus Ibsen <claus.ib...@gmail.com> wrote:
>
> > Hi
> >
> > Thanks so running this build and noticed some WARN/ERROR due to OSGi. I
> > guess snappy-java pom.xml have <packaging>bundle which is not a well-known,
> > as <packaging>jar is the default and wide-spread use.
> >
> > Caused by: org.apache.maven.model.building.ModelBuildingException: 1
> > problem was encountered while building the effective model for
> > org.xerial.snappy:snappy-java:1.1.8.4
> > [ERROR] Unknown packaging: bundle @ line 6, column 16
> >
> >
> >
> > On Thu, Jan 19, 2023 at 12:46 PM Andrea Cosentino <anco...@gmail.com>
> > wrote:
> >
> > > Hello,
> > >
> > > Essentially it is enough to run a maven install.
> > >
> > > mvn install -DskipTests -Psbom
> > >
> > > The aggregate sbom will be in target folder at root level.
> > >
> > > We could tune it and find a way to automatize this, for example through a
> > > gh action.
> > >
> > >
> > >
> > > On Thu, 19 Jan 2023 at 12:43, Claus Ibsen <claus.ib...@gmail.com> wrote:
> > >
> > > > Hi Andrea
> > > >
> > > > How do you generate the sbom file? What command do you run from the
> > > > root folder of Camel source code?
> > > > And should we have this documented somewhere?
> > > >
> > > > On Thu, Jan 19, 2023 at 11:42 AM Andrea Cosentino <anco...@gmail.com>
> > > > wrote:
> > > >
> > > > > Hello,
> > > > >
> > > > > Moving to Camel 4.x I think it's time to have a look at SBOM
> > > > > generation and so on.
> > > > >
> > > > > I added a profile named sbom to the root POM.
> > > > >
> > > > > It will generate two files in the target folder: camel-sbom.json and
> > > > > camel-sbom.xml.
> > > > >
> > > > > For the moment I choose to copy them in camel-sbom folder manually, so
> > > > > we can do the generation time-based (like once a week or something like
> > > > > that).
> > > > >
> > > > > These SBOM files could be used to check if we are healthy or not in
> > > > > terms of dependency used.
> > > > >
> > > > > I think we should try to use this kind of information as standard,
> > > > > there are multiple tools we could use to leverage the SBOM generation.
> > > > >
> > > > > For any questions let's discuss here :-)
> > > > >
> > > > > Thanks.
> > > > >
> > > >
> > > >
> > > > --
> > > > Claus Ibsen
> > > > -----------------
> > > > @davsclaus
> > > > Camel in Action 2: https://www.manning.com/ibsen2
> > > >
> > >
> >
> >
> > --
> > Claus Ibsen
> > -----------------
> > @davsclaus
> > Camel in Action 2: https://www.manning.com/ibsen2
> >
>
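
An added example, not part of the thread or of the Camel build: one way to use the periodically regenerated camel-sbom.json to see what changed in the dependency set between two snapshots. It assumes the file is CycloneDX JSON (the thread does not name the format); the two snapshots are constructed, only snappy-java 1.1.8.4 comes from the thread, and `index` and `diff_sboms` are hypothetical names.

```python
import json

# Constructed snapshots in CycloneDX JSON shape (assumed format).
# Only snappy-java 1.1.8.4 appears in the thread; the rest is made up.
LAST_WEEK = json.loads("""{
  "bomFormat": "CycloneDX", "specVersion": "1.4",
  "components": [
    {"group": "org.xerial.snappy", "name": "snappy-java", "version": "1.1.8.4"},
    {"group": "com.example", "name": "lib-a", "version": "1.0.0"},
    {"group": "com.example", "name": "lib-b", "version": "2.3.0"}
  ]}""")
THIS_WEEK = json.loads("""{
  "bomFormat": "CycloneDX", "specVersion": "1.4",
  "components": [
    {"group": "org.xerial.snappy", "name": "snappy-java", "version": "1.1.8.4"},
    {"group": "com.example", "name": "lib-a", "version": "1.0.0"},
    {"group": "com.example", "name": "lib-a", "version": "1.1.0"},
    {"group": "com.example", "name": "lib-c", "version": "0.9.0"}
  ]}""")


def index(bom):
    """Map 'group:name' -> set of versions. A set is used because an
    aggregate SBOM can list one artifact at several versions."""
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    out = {}
    for comp in bom.get("components", []):
        key = f"{comp.get('group', '')}:{comp['name']}"
        out.setdefault(key, set()).add(comp.get("version", ""))
    return out


def diff_sboms(old, new):
    """Report components added, removed, or whose version set changed."""
    a, b = index(old), index(new)
    return {
        "added": sorted(k for k in b if k not in a),
        "removed": sorted(k for k in a if k not in b),
        "changed": {k: (sorted(a[k]), sorted(b[k]))
                    for k in sorted(a.keys() & b.keys()) if a[k] != b[k]},
    }


if __name__ == "__main__":
    print(json.dumps(diff_sboms(LAST_WEEK, THIS_WEEK), indent=2))
```
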
