sboorlagadda commented on code in PR #7933: URL: https://github.com/apache/geode/pull/7933#discussion_r2383218124
########## GEODE-10481-IMPLEMENTATION-PROPOSAL.md:
##########
@@ -0,0 +1,554 @@
+# GEODE-10481 Implementation Proposal
+**Software Bill of Materials (SBOM) Generation for Apache Geode**
+
+---
+
+## Executive Summary
+
+This proposal outlines the implementation approach for **GEODE-10481**: adding automated SBOM generation to Apache Geode to enhance supply chain security, meet enterprise compliance requirements, and improve dependency transparency.
+
+**Key Decisions:**
+- **Tool Choice**: CycloneDX Gradle Plugin (instead of SPDX) for superior multi-module support

Review Comment:
   @JinwooHwang Should we use SPDX or CycloneDX? Could you review this proposal? I want to first align on the proposal before starting implementation.

########## GEODE-10481-IMPLEMENTATION-PROPOSAL.md:
##########
@@ -0,0 +1,554 @@
+# GEODE-10481 Implementation Proposal
+**Software Bill of Materials (SBOM) Generation for Apache Geode**
+
+---
+
+## Executive Summary
+
+This proposal outlines the implementation approach for **GEODE-10481**: adding automated SBOM generation to Apache Geode to enhance supply chain security, meet enterprise compliance requirements, and improve dependency transparency.
+
+**Key Decisions:**
+- **Tool Choice**: CycloneDX Gradle Plugin (instead of SPDX) for superior multi-module support

Review Comment:
   I have presented an implementation proposal using CycloneDX. Please also review the implementation proposal, not only the key decision.

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
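Review bot: the "Tool Choice" bullet under Key Decisions justifies CycloneDX over SPDX with the single phrase "superior multi-module support" but never states what the multi-module requirement actually is: one aggregated BOM for the Geode distribution, one BOM per subproject, or both. That requirement drives the plugin configuration and where the BOM gets attached, so spell it out in the Executive Summary and record the comparison criteria the decision rests on (who will consume the SBOM, what tooling they use, and whether a second format can be emitted for consumers that require SPDX) rather than asserting only the conclusion. The summary also names "enhance supply chain security" as a goal without saying, in the lines shown here, how the generated SBOM will be published alongside release artifacts or how a consumer verifies it belongs to a given release; one sentence on that would let reviewers judge whether the proposal meets its own stated goal.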
