dongjoon-hyun commented on PR #2046: URL: https://github.com/apache/avro/pull/2046#issuecomment-1372966207
Yes, among those three standards, `CycloneDX` and `SPDX` formats are proper for us, and Maven plugins exist in the same way.

- https://github.com/CycloneDX/cyclonedx-maven-plugin
- https://github.com/spdx/spdx-maven-plugin

Although this PR delivers `CycloneDX`-style BOM files first, we may want to add `SPDX`-style BOM files additionally later. They are not exclusive. The reason why I choose `CycloneDX` is that it is simpler and focuses mostly on application security and supply-chain component analysis, @iemejia. This fits my needs first.

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at: [email protected]
