Hi all,
I've been asked to generate a Software Bill of Materials for a given
version and a given set of plugins for GeoServer. Found the cyclonedx plugin
that seems to fit the bill (pun intended)
and thought I'd share the setup and results with you, using a draft PR:

https://github.com/geoserver/geoserver/pull/7915

This provides a way to generate a SBOM for a given set of plugins (just
enable the profiles).
I see that some software is already adding the SBOM as part of their
release and maybe we should do the same? However, not sure how to handle
the pluggable nature of GeoServer.
Maybe have a main sbom, and generate one for each plugin in addition?

I hear that CycloneDX SBOM files can be merged.

Anyways... food for thought. I have what I need, a way to generate a SBOM
for a given GeoServer version and set of plugins, if we can make it
something that is part of the release process (in a fully automated way, of
course), all the better.

Regards,

Andrea Aime


Ing. Andrea Aime
@geowolf
Technical Lead

GeoSolutions Group
_______________________________________________
Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
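
The "main SBOM plus one per plugin" idea raised in the message above, as an added example that is not part of the original post or of the GeoServer PR: a simplified merge of CycloneDX JSON documents that records which BOMs contributed each component and flags libraries present in more than one version. The BOM names, libraries and versions are constructed placeholders, and the merge keeps only the component list (no dependency graph); it is not the CycloneDX tooling's own merge.

```python
import json
from collections import defaultdict

def component_key(comp):
    # The package URL identifies a component; fall back to coordinates if absent.
    return comp.get("purl") or ":".join(comp.get(k, "") for k in ("group", "name", "version"))

def merge_boms(core, plugin_boms):
    """Merge CycloneDX JSON documents; returns (merged BOM, key -> source BOM names)."""
    merged = {"bomFormat": "CycloneDX", "specVersion": core["specVersion"], "version": 1,
              "metadata": core.get("metadata", {}), "components": []}
    sources = defaultdict(list)
    for bom in [core, *plugin_boms]:
        origin = bom.get("metadata", {}).get("component", {}).get("name", "unknown")
        for comp in bom.get("components", []):
            key = component_key(comp)
            if key not in sources:
                merged["components"].append(comp)  # first occurrence wins
            sources[key].append(origin)
    return merged, dict(sources)

def version_conflicts(bom):
    """Return {group:name -> sorted versions} for libraries present in more than one version."""
    versions = defaultdict(set)
    for comp in bom["components"]:
        versions[f'{comp.get("group", "")}:{comp["name"]}'].add(comp.get("version", ""))
    return {lib: sorted(v) for lib, v in versions.items() if len(v) > 1}

def _bom(name, deps):
    # Constructed sample data: placeholder names and versions, not GeoServer's real dependencies.
    comps = [{"type": "library", "group": g, "name": n, "version": v,
              "purl": f"pkg:maven/{g}/{n}@{v}"} for g, n, v in deps]
    return {"bomFormat": "CycloneDX", "specVersion": "1.5", "version": 1,
            "metadata": {"component": {"type": "application", "name": name}}, "components": comps}

CORE = _bom("example-core", [("org.example", "lib-a", "1.0.0"), ("org.example", "lib-b", "2.1.0")])
PLUGIN_X = _bom("example-plugin-x", [("org.example", "lib-a", "1.0.0"), ("org.example", "lib-c", "3.0.0")])
PLUGIN_Y = _bom("example-plugin-y", [("org.example", "lib-c", "3.1.0")])

if __name__ == "__main__":
    merged, sources = merge_boms(CORE, [PLUGIN_X, PLUGIN_Y])
    print(json.dumps(merged, indent=2))
    print("shared:", {k: v for k, v in sources.items() if len(v) > 1})
    print("conflicts:", version_conflicts(merged))
```

The version-conflict report is the part a per-plugin split makes visible: two plugins that each look fine alone can ship different versions of the same library once installed together.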