Syncope / SYNCOPE-1746

Provide Software Bill Of Materials (SBOM)


Details

    • New Feature
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 3.0.3, 4.0.0
    • None
    • None

    Description

      This issue aims to publish an SBOM artifact, along with the other Apache projects.

      Software Bills of Materials (SBOMs) are additional artifacts containing the aggregate of all direct and transitive dependencies of a project. The US Government (based on NIST recommendations) currently accepts only the three most popular SBOM standards as valid, namely: CycloneDX, Software Identification (SWID) tag, and Software Package Data Exchange® (SPDX).

      The CycloneDX Maven plugin seems to be fit for the job.


          People

            ilgrosso Francesco Chicchiriccò