Arnout Engelen created SOLR-16796:
-------------------------------------
Summary: Publish an SBOM for Solr artifacts
Key: SOLR-16796
URL: https://issues.apache.org/jira/browse/SOLR-16796
Project: Solr
Issue Type: Improvement
Security Level: Public (Default Security Level. Issues are Public)
Components: Build
Reporter: Arnout Engelen
It would be nice if Solr published an 'SBOM' (Software Bill of Materials) for
its artifacts. An SBOM gives an overview of the components included in the
artifact, which can be useful for example for scanner software that looks for
dependencies with potential security vulnerabilities.
Such consumers of the SBOM should probably combine it with the VEX published
for Solr (https://solr.apache.org/security.html#vex) to avoid getting reports
for known false positives.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
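A consumer-side illustration of the SBOM-plus-VEX triage the report describes, added here and not part of the Jira issue or of the Solr project: it parses a constructed CycloneDX-style SBOM and VEX (placeholder CVE ids and component names), drops scanner findings the VEX rules out, and separates findings for components the SBOM does not list at all. It assumes the VEX `affects.ref` values match the SBOM component purls.

```python
import json
# Constructed CycloneDX-style SBOM fragment (not a real Solr SBOM).
SBOM_JSON = """{"bomFormat": "CycloneDX", "specVersion": "1.4", "components": [
  {"type": "library", "name": "example-lib", "version": "1.2.3",
   "bom-ref": "pkg:maven/org.example/example-lib@1.2.3",
   "purl": "pkg:maven/org.example/example-lib@1.2.3"},
  {"type": "library", "name": "other-lib", "version": "4.5.6",
   "bom-ref": "pkg:maven/org.example/other-lib@4.5.6",
   "purl": "pkg:maven/org.example/other-lib@4.5.6"}]}"""

# Constructed CycloneDX-style VEX fragment; the CVE ids are placeholders.
VEX_JSON = """{"bomFormat": "CycloneDX", "specVersion": "1.4", "vulnerabilities": [
  {"id": "CVE-0000-0001",
   "affects": [{"ref": "pkg:maven/org.example/example-lib@1.2.3"}],
   "analysis": {"state": "not_affected", "justification": "code_not_reachable"}}]}"""

# Constructed scanner output: (vulnerability id, purl of the flagged component).
FINDINGS = [
    ("CVE-0000-0001", "pkg:maven/org.example/example-lib@1.2.3"),  # covered by VEX
    ("CVE-0000-0002", "pkg:maven/org.example/other-lib@4.5.6"),    # needs attention
    ("CVE-0000-0003", "pkg:maven/org.example/not-shipped@9.9.9"),  # not in the artifact
]
SUPPRESSED_STATES = {"not_affected", "false_positive"}  # VEX states that silence a finding


def sbom_purls(sbom: dict) -> set:
    """Package URLs of every component the SBOM says is in the artifact."""
    return {c["purl"] for c in sbom.get("components", []) if "purl" in c}


def vex_suppressions(vex: dict) -> set:
    """(vulnerability id, component ref) pairs the publisher has ruled out."""
    out = set()
    for vuln in vex.get("vulnerabilities", []):
        if vuln.get("analysis", {}).get("state") in SUPPRESSED_STATES:
            for target in vuln.get("affects", []):
                out.add((vuln["id"], target["ref"]))
    return out


def triage(findings, sbom_json=SBOM_JSON, vex_json=VEX_JSON):
    """Split scanner findings into actionable, VEX-suppressed and not-in-SBOM."""
    shipped = sbom_purls(json.loads(sbom_json))
    ruled_out = vex_suppressions(json.loads(vex_json))
    actionable, suppressed, unknown = [], [], []
    for vuln_id, purl in findings:
        if purl not in shipped:
            unknown.append((vuln_id, purl))     # flagged component is not in the SBOM
        elif (vuln_id, purl) in ruled_out:
            suppressed.append((vuln_id, purl))  # known false positive per the VEX
        else:
            actionable.append((vuln_id, purl))
    return actionable, suppressed, unknown
```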