JinwooHwang commented on code in PR #7933: URL: https://github.com/apache/geode/pull/7933#discussion_r2384225857
########## GEODE-10481-IMPLEMENTATION-PROPOSAL.md: ##########

@@ -0,0 +1,554 @@ +# GEODE-10481 Implementation Proposal +**Software Bill of Materials (SBOM) Generation for Apache Geode** + +--- + +## Executive Summary + +This proposal outlines the implementation approach for **GEODE-10481**: adding automated SBOM generation to Apache Geode to enhance supply chain security, meet enterprise compliance requirements, and improve dependency transparency. + +**Key Decisions:** +- **Tool Choice**: CycloneDX Gradle Plugin (instead of SPDX) for superior multi-module support

Review Comment:

Hi @sboorlagadda. I apologize for the delayed response. CycloneDX appears to be a strong and thoughtful choice. I’ll take a closer look at the proposal and follow up shortly. Thank you for your patience.

--
This is an automated message from the Apache Git Service.
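
Review bot: The "Tool Choice" bullet under Key Decisions sets the CycloneDX Gradle Plugin against SPDX, but SPDX is an SBOM specification rather than a build plugin, so the bullet compares a tool with a format. Suggest either naming the SPDX-producing Gradle tooling that was evaluated, or splitting this into two decisions (output format, then plugin). The rationale "superior multi-module support" is also asserted without support in the visible lines; a pointer to the part of the proposal that substantiates it, or one concrete limitation observed with the alternative, would let reviewers check the claim.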
