Re: [DISCUSS] Adding the generation of sboms to our build?
Ok … so after merging my branch with the pom refactoring, also the sbom generation is now part of an apache-release.

Chris

From: Christofer Dutz
Date: Tuesday, 1 August 2023 at 17:00
To: dev@iotdb.apache.org
Subject: Re: [DISCUSS] Adding the generation of sboms to our build?

However, this includes a LOT more than that change, so I guess a bit more review would be needed, right? ;-)

Chris
Re: [DISCUSS] Adding the generation of sboms to our build?
However, this includes a LOT more than that change, so I guess a bit more review would be needed, right? ;-)

Chris

From: Xiangdong Huang
Date: Tuesday, 1 August 2023 at 16:02
To: dev@iotdb.apache.org
Subject: Re: [DISCUSS] Adding the generation of sboms to our build?

+1 for moving to the master branch.
---
Xiangdong Huang
School of Software, Tsinghua University
Re: [DISCUSS] Adding the generation of sboms to our build?
+1 for moving to the master branch.
---
Xiangdong Huang
School of Software, Tsinghua University

Christofer Dutz wrote on Tuesday, 1 August 2023 at 22:00:
>
> I added the config to my pr here:
> https://github.com/apache/iotdb/pull/10742/commits/c4f4d2e874fd7c1ae4332062e29770925dce7024
>
> Chris
Re: [DISCUSS] Adding the generation of sboms to our build?
I added the config to my pr here:
https://github.com/apache/iotdb/pull/10742/commits/c4f4d2e874fd7c1ae4332062e29770925dce7024

Chris

From: Xiangdong Huang
Date: Saturday, 29 July 2023 at 08:48
To: dev@iotdb.apache.org
Subject: Re: [DISCUSS] Adding the generation of sboms to our build?

Cool, CycloneDX is famous. Look forward!
---
Xiangdong Huang
Re: [DISCUSS] Adding the generation of sboms to our build?
Cool, CycloneDX is famous. Look forward!
---
Xiangdong Huang

Christofer Dutz wrote on Saturday, 15 July 2023 at 22:59:
>
> Well in PLC4X the plugin generates an XML version of the SBOM.
> We’re using this plugin:
> https://github.com/CycloneDX/cyclonedx-maven-plugin
>
> Chris
Re: [DISCUSS] Adding the generation of sboms to our build?
Well in PLC4X the plugin generates an XML version of the SBOM.
We’re using this plugin:
https://github.com/CycloneDX/cyclonedx-maven-plugin

Chris

From: Xiangdong Huang
Date: Saturday, 15 July 2023 at 07:58
To: dev@iotdb.apache.org
Subject: Re: [DISCUSS] Adding the generation of sboms to our build?

Hi Chris,

Look forward! SBOM has also received a lot of attention in China.
Which kind of format/standard will it obey?

Best,
---
Xiangdong Huang
Re: [DISCUSS] Adding the generation of sboms to our build?
Hi Chris,

Look forward! SBOM has also received a lot of attention in China.
Which kind of format/standard will it obey?

Best,
---
Xiangdong Huang

Christofer Dutz wrote on Friday, 14 July 2023 at 21:28:
>
> Hi all,
>
> here in Europe we’re currently preparing for quite a bit of an earthquake
> caused by the Cyber-Resiliency-Act. In some projects I’m involved in (Mainly
> PLC4X) I’ve started initiating small changes which could make us come out
> without too many problems.
>
> One thing that seems to be coming up in both the EU as well as the US acts,
> is the requirement to publish SBOM information (Software Bill Of Material).
> As we are also using Maven as a build tool, I’ve got a configuration in our
> poms that ensures an Apache release also produces an SBOM, that we will be
> able to deploy.
>
> Are we interested in adding that to the IoTDB build?
>
> Chris
[DISCUSS] Adding the generation of sboms to our build?
Hi all,

here in Europe we’re currently preparing for quite a bit of an earthquake caused by the Cyber-Resiliency-Act. In some projects I’m involved in (Mainly PLC4X) I’ve started initiating small changes which could make us come out without too many problems.

One thing that seems to be coming up in both the EU as well as the US acts, is the requirement to publish SBOM information (Software Bill Of Material). As we are also using Maven as a build tool, I’ve got a configuration in our poms that ensures an Apache release also produces an SBOM, that we will be able to deploy.

Are we interested in adding that to the IoTDB build?

Chris
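
As an added illustration of the setup discussed in this thread (not the configuration from the IoTDB pull request or from PLC4X): a Maven profile that runs the CycloneDX plugin during an Apache release build and writes an XML SBOM. The plugin coordinates, goal and parameters are the plugin's own; the execution id and the version property are placeholders assumed for this example.

```xml
<!-- Added example; not taken from the IoTDB or PLC4X POMs. -->
<profiles>
  <profile>
    <!-- Release profile id defined by the Apache parent POM -->
    <id>apache-release</id>
    <build>
      <plugins>
        <plugin>
          <groupId>org.cyclonedx</groupId>
          <artifactId>cyclonedx-maven-plugin</artifactId>
          <!-- Placeholder property: pin an explicit, reviewed plugin version -->
          <version>${cyclonedx-maven-plugin.version}</version>
          <executions>
            <execution>
              <!-- Hypothetical execution id -->
              <id>generate-sbom</id>
              <phase>package</phase>
              <goals>
                <!-- One aggregate BOM covering all modules of the build -->
                <goal>makeAggregateBom</goal>
              </goals>
            </execution>
          </executions>
          <configuration>
            <!-- XML output, as mentioned for PLC4X in the thread -->
            <outputFormat>xml</outputFormat>
            <outputName>bom</outputName>
            <!-- Leave test-only dependencies out of the published BOM -->
            <includeTestScope>false</includeTestScope>
          </configuration>
        </plugin>
      </plugins>
    </build>
  </profile>
</profiles>
```

Binding the execution to the release profile keeps everyday developer builds unchanged while every release build produces the SBOM from the same resolved dependency set that is shipped.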