As an app developer, I want to more easily create an SBOM that does not include dependencies only used by testing targets so that I can provide the SBOM to customers without exposing internal development-only dependencies.
Other CycloneDX generators offer a parameter to ignore some build targets. cyclonedx-maven uses -DexcludeTestProject=true to skip build targets that include the word "test" in their name. cyclonedx-gradle has a more generic skipConfigs that is a comma-separated list of specific build configs to skip. cyclonedx-dotnet has a -t|-exclude-test-projects parameter to exclude test projects from the BOM.