CycloneDX / cyclonedx-gradle-plugin

Creates CycloneDX Software Bill of Materials (SBOM) from Gradle projects
https://cyclonedx.org/
Apache License 2.0

Introduce a way to provide project description #472

Open skhokhlov opened 4 months ago

skhokhlov commented 4 months ago

Created from https://github.com/CycloneDX/cyclonedx-gradle-plugin/issues/340

The Component type has a description field which is populated for dependencies, but unused for the project metadata. It would be nice to make it possible.

danhallin commented 3 months ago

In my realm, the Gradle subproject I run the CycloneDX command on is also a java-library, like all dependencies. The problem I described in #340 relates to the fact that this top application project is not treated the same as all other dependencies/subprojects, so it is not included in the component list.

A solution for my use case would be to have an option to include even the top project in the component list, similar to all other dependencies/subprojects.

The metadata.component entries could then be a separate CycloneDX-specific setting?