Open jonnybecker opened 3 months ago
I'm just wondering if 'externalReferences' can be disabled since they are optional?
no option has been prepared for that: I fear this could add a lot of complexity, without a use case until now
I don't want this information in my bom since I don't want some internal company information "leaked".
thinking about it, managing such expectation about redacting content is probably something that should be done as a post-processing step
something like "website = parent 'project.url' + artifactId", which leads to odd urls. I wonder if this is a bug? Could not find any documentation on this behaviour.
here is the documentation of the mechanism involved = inheritance: https://maven.apache.org/ref/3.9.8/maven-model-builder/#inheritance-assembly, which is one of the mechanisms about building effective POM
Thanks for clearing things up
I'm just wondering if 'externalReferences' can be disabled since they are optional?
My problem is that I don't want this information in my bom since I don't want some internal company information "leaked".
The second problem which I have is that I don't get how the External Reference type 'website' is calculated. The documentation (https://cyclonedx.github.io/cyclonedx-maven-plugin/external-references.html) states that it is taken from POM field 'project.url'. Now if the dependency has no 'project.url' itself, but its parent has one, it calculates the 'website' as something like "website = parent 'project.url' + artifactId", which leads to odd urls. I wonder if this is a bug? Could not find any documentation on this behaviour.
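
The post-processing step suggested in the thread, sketched as an added example (not code from the plugin or from any participant): it removes from a CycloneDX JSON BOM only those `externalReferences` entries whose host falls under an internal domain, and drops the optional field when nothing is left. The function names, the `corp.example` suffix and the sample BOM are assumptions constructed for illustration.

```python
import json
import re

# Host after "scheme://[user@]" or after a bare "user@" (scp-style git URLs).
_HOST_RE = re.compile(r"(?:://(?:[^/@\s]*@)?|@)([A-Za-z0-9.-]+)")

def is_internal(url, internal_suffixes):
    """True if the URL's host is, or is a subdomain of, an internal suffix."""
    m = _HOST_RE.search(url or "")
    if not m:
        return True  # no recognisable host: fail closed and redact
    host = m.group(1).lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in internal_suffixes)

def redact(node, internal_suffixes):
    """Drop internal externalReferences anywhere in the BOM; return the count removed."""
    removed = 0
    if isinstance(node, dict):
        refs = node.get("externalReferences")
        if isinstance(refs, list):
            kept = [r for r in refs if not is_internal(r.get("url"), internal_suffixes)]
            removed += len(refs) - len(kept)
            if kept:
                node["externalReferences"] = kept
            else:
                del node["externalReferences"]  # optional field, so omit it when empty
        for value in node.values():
            removed += redact(value, internal_suffixes)
    elif isinstance(node, list):
        for item in node:
            removed += redact(item, internal_suffixes)
    return removed

# Constructed sample BOM; all hosts under corp.example are placeholders.
SAMPLE_BOM = {
    "bomFormat": "CycloneDX",
    "metadata": {"component": {"type": "library", "name": "app", "externalReferences": [
        {"type": "website", "url": "https://wiki.corp.example/parent/app"},
        {"type": "vcs", "url": "scm:git:ssh://git@git.corp.example:7999/team/app.git"}]}},
    "components": [{"type": "library", "name": "commons-lang3", "externalReferences": [
        {"type": "website", "url": "https://commons.apache.org/proper/commons-lang/"},
        {"type": "build-system", "url": "https://ci.corp.example/job/mirror"}]}],
}

if __name__ == "__main__":
    count = redact(SAMPLE_BOM, ["corp.example"])
    print(f"removed {count} internal reference(s)")
    print(json.dumps(SAMPLE_BOM, indent=2))
```

Matching on a dot-anchored suffix keeps a look-alike host such as `notcorp.example` from being treated as internal, and references with no recognisable host are removed rather than kept.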