[ODLPARENT-280] Generate an SBOM for artifacts

Created: 24/Feb/22
Updated: 20/Oct/22
Resolved: 24/Feb/22

Status: Resolved
Project: odlparent
Component/s: General
Affects Version/s: None
Fix Version/s: 10.0.0, 9.0.16

Type: New Feature
Priority: Medium
Reporter: Robert Varga
Assignee: Robert Varga
Resolution: Done
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


 Description   

As part of improving OpenDaylight's inputs into supply chain security, generate an SBOM for all artifacts built by Maven, so they can be signed and published to Maven Central.



 Comments   
Comment by Robert Varga [ 24/Feb/22 ]

Integrating cyclonedx-maven-plugin seems super easy.

The metadata seems to be properly attached to build artifacts and signed by Sigul in stage jobs. Unless something crops up, this job is done.

Generated at Wed Feb 07 20:28:06 UTC 2024 using Jira 8.20.10#820010-sha1:ace47f9899e9ee25d7157d59aa17ab06aee30d3d.