Merge e9fd21771b into 9bbd32a8ef

2026-03-09 13:14:43 +00:00 · 2026-03-09 13:14:43 +00:00 · ff382f6179
parent 9bbd32a8ef e9fd21771b
commit ff382f6179
2 changed files with 56 additions and 0 deletions
--- a/.github/workflows/sbom.yml
+++ b/.github/workflows/sbom.yml
@ -0,0 +1,30 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+name: generate sboms
+
+jobs:
+  build:
+    name: ui sbom
+    uses: sbomify/github-action@master
+    env:
+      LOCK_FILE: ui/package-lock.json
+      OUTPUT_FILE: sbom.ui.cdx.json
+      COMPONENT_NAME: my-app
+      COMPONENT_VERSION: ${{ github.ref_name }}
+      UPLOAD: false
+      ENRICH: true
--- a/pom.xml
+++ b/pom.xml
@ -848,6 +848,32 @@
                    </execution>
                </executions>
            </plugin>
+            <plugin>
+                <groupId>org.cyclonedx</groupId>
+                <artifactId>cyclonedx-maven-plugin</artifactId>
+                <version>2.9.1</version>
+                <executions>
+                    <execution>
+                        <phase>package</phase>
+                        <goals>
+                            <goal>makeAggregateBom</goal>
+                        </goals>
+                    </execution>
+                </executions>
+                <configuration>
+                    <projectType>application</projectType>
+                    <schemaVersion>1.6</schemaVersion>
+                    <includeBomSerialNumber>true</includeBomSerialNumber>
+                    <includeCompileScope>true</includeCompileScope>
+                    <includeProvidedScope>true</includeProvidedScope>
+                    <includeRuntimeScope>true</includeRuntimeScope>
+                    <includeSystemScope>true</includeSystemScope>
+                    <includeTestScope>false</includeTestScope>
+                    <includeLicenseText>false</includeLicenseText>
+                    <outputFormat>all</outputFormat>
+                    <outputName>ACS.sbom</outputName>
+                </configuration>
+            </plugin>
        </plugins>
        <pluginManagement>
            <plugins>