Open karthika-g opened 1 year ago
caused by https://github.com/CycloneDX/cyclonedx-maven-plugin/issues/384
@hboutemy what is your opinion on the new namespace?
would somebody draft a pullrequest for the new namespace? See the existing ones for examples: https://github.com/CycloneDX/cyclonedx-property-taxonomy/tree/main/cdx
we then could discuss changes and additions in the opened pulrequest.
We already have created a few properties in previous cyclonedx-maven-plugin without making them formal: I'll need to formalize existing ones and new ones need to be created immediately in the official taxonomy I'll have a look next week, I'm busy for now...
Great. Looking forward to merging your pullrequest. :D
Maven plugin seems to be using a maven:
prefix.
https://github.com/CycloneDX/cyclonedx-property-taxonomy
"properties" : [
{
"name" : "maven.goal",
"value" : "makeAggregateBom"
},
{
"name" : "maven.scopes",
"value" : "compile,provided,runtime,system,test"
}
]
see discussion here: https://github.com/CycloneDX/cyclonedx-property-taxonomy/pull/69
Hi,
This is a proposal to add a new Namespace for Maven under cdx namespace. For example something like
cdx:maven
similar to npm.With this a property to specify the scope of the dependency
scope
. i.e https://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html#dependency-scope which can be repreented ascdx:maven:package:scope