dongjoon-hyun opened a new pull request, #3926: URL: https://github.com/apache/hive/pull/3926
### What changes were proposed in this pull request?

This PR aims to publish SBOM artifacts along with the other Apache projects.
- https://cwiki.apache.org/confluence/display/COMDEV/SBOM

Here is an article to give some context.
- https://www.activestate.com/blog/why-the-us-government-is-mandating-software-bill-of-materials-sbom/

Software Bill of Materials (SBOM) are additional artifacts containing the aggregate of all direct and transitive dependencies of a project. The US Government (based on NIST recommendations) currently accepts only the three most popular SBOM standards as valid, namely: [CycloneDX](https://cyclonedx.org/), [Software Identification (SWID) tag](https://csrc.nist.gov/projects/Software-Identification-SWID), [Software Package Data Exchange® (SPDX)](https://spdx.dev/).

This PR uses one of the Maven plugins, the [CycloneDX maven plugin](https://github.com/CycloneDX/cyclonedx-maven-plugin), a lightweight software bill of materials (SBOM) standard designed for use in application security contexts and supply chain component analysis.
- https://maven.apache.org/plugins/index.html#misc

### Why are the changes needed?

This is helpful for the users who want to check the artifacts.

### Does this PR introduce _any_ user-facing change?

No.

### How was this patch tested?

`hive-common-4.0.0-SNAPSHOT.jar` will have `hive-common-4.0.0-SNAPSHOT-cyclonedx.xml` and `hive-common-4.0.0-SNAPSHOT-cyclonedx.json` files additionally.

```
$ mvn install -pl common -DskipTests
...
$ ls -al /Users/dongjoon/.m2/repository/org/apache/hive/hive-common/4.0.0-SNAPSHOT/
total 2976
drwxr-xr-x  9 dongjoon  staff     288 Jan  9 00:52 .
drwxr-xr-x  4 dongjoon  staff     128 Jan  9 00:52 ..
-rw-r--r--  1 dongjoon  staff     332 Jan  9 00:52 _remote.repositories
-rw-r--r--  1 dongjoon  staff  394918 Jan  9 00:52 hive-common-4.0.0-SNAPSHOT-cyclonedx.json
-rw-r--r--  1 dongjoon  staff  348460 Jan  9 00:52 hive-common-4.0.0-SNAPSHOT-cyclonedx.xml
-rw-r--r--  1 dongjoon  staff  147479 Jan  9 00:52 hive-common-4.0.0-SNAPSHOT-tests.jar
-rw-r--r--  1 dongjoon  staff  594455 Jan  9 00:52 hive-common-4.0.0-SNAPSHOT.jar
-rw-r--r--  1 dongjoon  staff   13790 Jan  6 14:27 hive-common-4.0.0-SNAPSHOT.pom
-rw-r--r--  1 dongjoon  staff    1330 Jan  9 00:52 maven-metadata-local.xml
```

-- 
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
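The PR above only produces the `*-cyclonedx.json` / `*-cyclonedx.xml` files; what a downstream consumer does with them is the security-relevant part. The following is an added example, not code from the PR or from the Hive project, showing how a consumer would read a CycloneDX JSON SBOM of the kind the plugin emits: it splits direct from transitive dependencies by walking the `dependencies` graph from the `metadata.component`, flags components that carry no `hashes` entry (so the artifact cannot be integrity-checked later), and reports dangling refs that appear in the graph but not in `components`. The embedded document is a constructed sample in CycloneDX 1.4 JSON shape; the `example.org` coordinates are illustrative and are not taken from a real Hive build.

```python
"""Consume a CycloneDX JSON SBOM (e.g. hive-common-4.0.0-SNAPSHOT-cyclonedx.json).

Added example; not part of the Hive PR. The sample BOM below is constructed
for illustration and uses made-up example.org components.
"""
import json
from collections import deque

# bom-ref values double as purls here, as the CycloneDX Maven plugin does.
ROOT = "pkg:maven/org.apache.hive/hive-common@4.0.0-SNAPSHOT?type=jar"
LIB_A = "pkg:maven/example.org/lib-a@1.0?type=jar"   # constructed
LIB_B = "pkg:maven/example.org/lib-b@2.3?type=jar"   # constructed
LIB_C = "pkg:maven/example.org/lib-c@0.9?type=jar"   # constructed, no hashes

SAMPLE_BOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "version": 1,
    "metadata": {
        "component": {
            "type": "library", "group": "org.apache.hive",
            "name": "hive-common", "version": "4.0.0-SNAPSHOT",
            "purl": ROOT, "bom-ref": ROOT,
        }
    },
    "components": [
        {"type": "library", "group": "example.org", "name": "lib-a",
         "version": "1.0", "purl": LIB_A, "bom-ref": LIB_A,
         "hashes": [{"alg": "SHA-256", "content": "00" * 32}]},
        {"type": "library", "group": "example.org", "name": "lib-b",
         "version": "2.3", "purl": LIB_B, "bom-ref": LIB_B,
         "hashes": [{"alg": "SHA-256", "content": "11" * 32}]},
        {"type": "library", "group": "example.org", "name": "lib-c",
         "version": "0.9", "purl": LIB_C, "bom-ref": LIB_C},
    ],
    "dependencies": [
        {"ref": ROOT, "dependsOn": [LIB_A, LIB_B]},
        {"ref": LIB_A, "dependsOn": [LIB_C]},
        {"ref": LIB_B, "dependsOn": []},
        {"ref": LIB_C, "dependsOn": []},
    ],
})


def load_bom(text):
    """Parse the JSON and refuse anything that is not a CycloneDX document."""
    bom = json.loads(text)
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    return bom


def classify_dependencies(bom):
    """Return (direct, transitive) sets of bom-refs reachable from the root.

    Breadth-first walk over the dependency graph; the `seen` set also makes
    the walk terminate if the graph contains a cycle.
    """
    root = bom["metadata"]["component"]["bom-ref"]
    graph = {d["ref"]: d.get("dependsOn", []) for d in bom.get("dependencies", [])}
    direct = set(graph.get(root, []))
    seen, queue = set(), deque(direct)
    while queue:
        ref = queue.popleft()
        if ref in seen:
            continue
        seen.add(ref)
        queue.extend(graph.get(ref, []))
    return direct, seen - direct


def components_without_hashes(bom):
    """bom-refs of components that carry no hash, so cannot be verified."""
    return sorted(c["bom-ref"] for c in bom.get("components", []) if not c.get("hashes"))


def dangling_refs(bom):
    """Refs used in the dependency graph that no component (or the root) declares."""
    root = bom["metadata"]["component"]["bom-ref"]
    declared = {c["bom-ref"] for c in bom.get("components", [])} | {root}
    used = set()
    for d in bom.get("dependencies", []):
        used.add(d["ref"])
        used.update(d.get("dependsOn", []))
    return sorted(used - declared)


def summarize(text):
    """One-shot report over a serialized BOM; used by the test below."""
    bom = load_bom(text)
    direct, transitive = classify_dependencies(bom)
    return {
        "direct": sorted(direct),
        "transitive": sorted(transitive),
        "unhashed": components_without_hashes(bom),
        "dangling": dangling_refs(bom),
    }


if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE_BOM), indent=2))
```

To run this against the real artifact, replace `SAMPLE_BOM` with the contents of `hive-common-4.0.0-SNAPSHOT-cyclonedx.json` from the local repository listing above; the walk is linear in the size of the `dependencies` array, so a BOM of a few hundred kilobytes is not a concern.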
