[ https://issues.apache.org/jira/browse/SOLR-17328?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
ASF GitHub Bot updated SOLR-17328:
----------------------------------
Labels: pull-request-available (was: )
> Publish SBOMs for Solr binary artifacts
> ---------------------------------------
>
> Key: SOLR-17328
> URL: https://issues.apache.org/jira/browse/SOLR-17328
> Project: Solr
> Issue Type: Bug
> Reporter: Houston Putman
> Priority: Major
> Labels: pull-request-available
> Time Spent: 10m
> Remaining Estimate: 0h
>
> As mentioned in SOLR-16796, SBOMs (Software Bills of Materials) are useful for
> organizations running software at a large scale.
> SOLR-16796 originally focused on SBOMs for Solr in general, and was
> repurposed to just incorporate Maven artifacts, so this ticket completes the
> entire goal (SBOMs for all of Solr's artifacts).
> Since Solr produces a full and a slim tgz, an SBOM would have to be produced
> for each. And CycloneDX would be the standard used, since that is the
> standard used for the Maven SBOMs.
> I'm not sure how it would work in the Gradle workflow of Solr, but something
> like syft (https://github.com/anchore/syft) would be useful to auto-generate
> an SBOM for a tgz in case the CycloneDX Gradle plugin is not configurable
> enough to handle the task.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
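The ticket's point is that a Maven-level SBOM does not describe what a given binary tgz actually ships, so the full and slim distributions each need their own. The following script, an added example that is not Solr project code and not part of the Jira thread, shows how a consumer would verify that: it builds a constructed in-memory tgz with placeholder JAR entries, parses a constructed CycloneDX 1.5 JSON document, and reports JARs that the SBOM fails to declare (missing) and components the SBOM declares that the tgz does not ship (extra). The `dist/lib/` layout, the `org.example` coordinates and the JAR names are all constructed sample values; the purl-to-filename mapping assumes the usual `artifact-version.jar` naming of Maven artifacts.

```python
"""Check that a CycloneDX SBOM covers every JAR inside a binary .tgz.

Added example (not Solr code). Both the tgz and the SBOM are constructed
in memory so the script runs offline.
"""
import io
import json
import tarfile

# Constructed CycloneDX 1.5 document, roughly what a Maven-artifact SBOM
# would contain: it lists the published libraries, not the tgz contents.
SAMPLE_SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "version": 1,
  "components": [
    {"type": "library", "name": "example-core", "version": "1.2.3",
     "purl": "pkg:maven/org.example/example-core@1.2.3?type=jar"},
    {"type": "library", "name": "example-util", "version": "4.5.6",
     "purl": "pkg:maven/org.example/example-util@4.5.6?type=jar"}
  ]
}
"""
SAMPLE_SBOM = json.loads(SAMPLE_SBOM_JSON)

# Constructed JAR lists for a hypothetical "full" and "slim" distribution.
FULL_JARS = ["example-core-1.2.3.jar", "example-util-4.5.6.jar",
             "example-extra-0.1.0.jar"]
SLIM_JARS = ["example-core-1.2.3.jar"]


def build_sample_tgz(jar_names):
    """Construct an in-memory .tgz with empty placeholder JAR entries under
    a hypothetical dist/lib/ directory (constructed sample layout)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name in jar_names:
            info = tarfile.TarInfo(name=f"dist/lib/{name}")
            info.size = 0
            tar.addfile(info, io.BytesIO(b""))
    return buf.getvalue()


def jars_in_tgz(tgz_bytes):
    """Return the set of JAR file basenames found inside the tgz."""
    with tarfile.open(fileobj=io.BytesIO(tgz_bytes), mode="r:gz") as tar:
        return {m.name.rsplit("/", 1)[-1] for m in tar.getmembers()
                if m.isfile() and m.name.endswith(".jar")}


def components_in_sbom(sbom):
    """Map each CycloneDX component to the JAR filename it describes.

    A Maven purl looks like pkg:maven/<group>/<artifact>@<version>?<qualifiers>;
    the shipped file is assumed to be <artifact>-<version>.jar. Components
    without a Maven purl fall back to their name/version fields.
    """
    jars = {}
    for comp in sbom.get("components", []):
        name, version = comp.get("name"), comp.get("version")
        purl = comp.get("purl", "")
        if purl.startswith("pkg:maven/"):
            coords = purl[len("pkg:maven/"):].split("?", 1)[0]
            artifact_at_version = coords.rsplit("/", 1)[-1]
            name, version = artifact_at_version.split("@", 1)
        jars[f"{name}-{version}.jar"] = comp
    return jars


def sbom_coverage(sbom, tgz_bytes):
    """Return (missing, extra): JARs shipped in the tgz that the SBOM does
    not declare, and SBOM components whose JAR is not in this tgz."""
    shipped = jars_in_tgz(tgz_bytes)
    declared = set(components_in_sbom(sbom))
    return sorted(shipped - declared), sorted(declared - shipped)


if __name__ == "__main__":
    for label, jars in (("full", FULL_JARS), ("slim", SLIM_JARS)):
        missing, extra = sbom_coverage(SAMPLE_SBOM, build_sample_tgz(jars))
        print(f"{label}: missing={missing} extra={extra}")
```

Run against the constructed data, the full tgz comes back with a JAR the SBOM never mentions and the slim tgz with a declared component it does not ship, which is exactly the mismatch a per-artifact SBOM (whether from the CycloneDX Gradle plugin or from a tool such as syft run over the tgz) is meant to eliminate. On a real distribution the same check should be run on the SBOM published alongside each tgz, with `missing` treated as a release blocker.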