Dear ONAP team,

We have implemented a new feature in global-jjb for SPDX SBOM Generator reports to be optionally produced as part of the autorelease package for Maven staged release candidates.

*What is it?*

*Software Package Data Exchange (SPDX)* is an open standard for communicating software bill of materials (SBOM) information that supports accurate identification of software components, explicit mapping of relationships between components, and the association of security and licensing information with each component.

In global-jjb, "lf-infra-maven-sbom-generator" is an optional builder step for the "gerrit-maven-stage" job.

*How to use it?*

To enable SPDX SBOM Generator, set "*sbom-generator*" to true for your gerrit-maven-stage jobs.

*This feature is disabled by default for all projects*

Optional variables:

- "*sbom-flags*" to pass any optional flags to the executor according to: https://github.com/opensbom-generator/spdx-sbom-generator
- "*sbom-generator-version*" to use a specific SPDX SBOM Generator version (default is "v0.0.10")

Code example:

    - gerrit-maven-stage:
        sbom-generator: true
        sbom-flags: "-p test/path/example"
        sbom-generator-version: v0.0.13

*What does it do?*

When "sbom-generator" is true, "gerrit-maven-stage" will run the SPDX SBOM Generator tool to generate a software bill of materials with current package managers. This report will be part of the "autorelease" package for a staged release candidate. For example: https://nexus.onap.org/content/repositories/autorelease-318953/

*Where can I learn more about it?*

More about SPDX SBOM Generator: https://github.com/opensbom-generator/spdx-sbom-generator

More about maven-stage: https://docs.releng.linuxfoundation.org/projects/global-jjb/en/latest/jjb/lf-maven-jobs.html#lf-maven-stage

Maven-stage code: https://github.com/lfit/releng-global-jjb/blob/master/jjb/lf-maven-jobs.yaml#L817

If you have any questions or need assistance, please contact https://support.linuxfoundation.org/

Thank you!
Jess
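A release reviewer can read the generated report before approving a staged candidate. The sketch below is an added example, not part of the original message or of global-jjb; it assumes the report is in SPDX tag-value form, and the sample document, function names and package names are constructed for illustration.

```python
import re

# Constructed sample in SPDX 2.x tag-value form (not a real ONAP report).
SAMPLE_SBOM = """\
SPDXVersion: SPDX-2.2
SPDXID: SPDXRef-DOCUMENT
PackageName: example-project
SPDXID: SPDXRef-Package-example-project
PackageVersion: 1.0.0
PackageLicenseConcluded: Apache-2.0
PackageName: commons-io
SPDXID: SPDXRef-Package-commons-io
PackageVersion: 2.11.0
PackageLicenseConcluded: Apache-2.0
PackageName: internal-lib
SPDXID: SPDXRef-Package-internal-lib
PackageLicenseConcluded: NOASSERTION
Relationship: SPDXRef-Package-example-project DEPENDS_ON SPDXRef-Package-commons-io
Relationship: SPDXRef-Package-example-project DEPENDS_ON SPDXRef-Package-internal-lib
"""

TAG = re.compile(r"^([A-Za-z]+):\s*(.*)$")

def parse_spdx(text):
    """Return (packages keyed by SPDXID, DEPENDS_ON edges) from tag-value text."""
    packages, deps, current = {}, {}, None
    for line in text.splitlines():
        m = TAG.match(line.strip())
        if not m:
            continue
        tag, value = m.groups()
        if tag == "PackageName":  # starts a new package section
            current = {"name": value}
        elif tag == "SPDXID" and current is not None and "id" not in current:
            current["id"] = value  # first SPDXID after PackageName identifies it
            packages[value] = current
        elif tag.startswith("Package") and current is not None:
            current[tag] = value
        elif tag == "Relationship":
            parts = value.split()
            if len(parts) == 3 and parts[1] == "DEPENDS_ON":
                deps.setdefault(parts[0], []).append(parts[2])
    return packages, deps

def review_findings(packages):
    """Names of packages with no version or no concluded license."""
    return sorted(p["name"] for p in packages.values()
                  if "PackageVersion" not in p
                  or p.get("PackageLicenseConcluded", "NOASSERTION") in ("NOASSERTION", "NONE"))
```

Components returned by `review_findings` cannot be matched against vulnerability or license data until a version and license are recorded for them.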
