Thanks, I missed commons-io because it's not yet under the
org.apache.commons groupId. Filed
https://github.com/apache/security-site/issues/20

Commons-lang is already in there (
https://github.com/apache/security-site/tree/sboms/sboms/commons/commons-lang3),
and also shows up in the graph for me (e.g. as a dependency of commons-text
and commons-compress).


On Mon, Oct 21, 2024 at 8:19 PM Gary Gregory <garydgreg...@gmail.com> wrote:

> Hi Arnout,
>
> I think there are a couple of Commons components missing like Lang and IO.
> Most components published in the past year should have SBOMs.
>
> Gary
>
> On Mon, Oct 21, 2024, 9:35 AM Arnout Engelen <enge...@apache.org> wrote:
>
> > Hello,
> >
> > During a recent discussion elsewhere we figured it might be nice to collect
> > the SBOMs currently published by Apache projects in a single place to
> > facilitate experimentation. I've put those at
> > https://github.com/apache/security-site/tree/sboms/sboms for now. As you
> > can see there's already a fair number of ASF projects publishing SBOMs, and
> > I'm sure I've missed some - LMK.
> >
> > I also created an interactive visualization showing the interrelationships
> > between projects that are publishing SBOMs. You can find it at
> > https://security-tools-ec2-va.apache.org/sbom/. You can enable/disable
> > projects and drag nodes around - best enjoyed on desktop :). If you're
> > missing any projects, help them get their SBOMs published and included!
> >
> > If you want to read up on SBOMs or share knowledge, check out
> > https://cwiki.apache.org/confluence/display/SECURITY/SBOM+Software+Bill+of+Materials
> >
> > Kind regards,
> >
> > --
> > Arnout Engelen
> > ASF Security Response
> > Apache Pekko PMC member, ASF Member
> > NixOS Committer
> > Independent Open Source consultant
> >
>


-- 
Arnout Engelen
ASF Security Response
Apache Pekko PMC member, ASF Member
NixOS Committer
Independent Open Source consultant
