eclipse / steady

Analyses your Java applications for open-source dependencies with known vulnerabilities, using both static analysis and testing to determine code context and usage for greater accuracy. https://eclipse.github.io/steady/
Apache License 2.0

Generate CycloneDX SBOM #551

Closed VinodAnandan closed 2 years ago

VinodAnandan commented 2 years ago

OWASP CycloneDX is a lightweight Software Bill of Materials (SBOM) standard designed for use in application security contexts and supply chain component analysis. CycloneDX is an OWASP flagship project (owasp.org/www-project-cyclonedx). The Open Web Application Security Project is a non-profit foundation that works to improve the security of software. CycloneDX is already supported by many security vendors and projects (cyclonedx.org/about/supporters). It is also recommended in the Technology Radar Volume 26 (thoughtworks.com/radar/platforms?blipid=202203034).

More details about the plugin: https://github.com/CycloneDX/cyclonedx-maven-plugin#maven-usage
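To make concrete what the plugin produces for a build, the following is an added illustration of the CycloneDX JSON document structure; it is not code from this PR, from Steady, or from the cyclonedx-maven-plugin (which derives the component list from the resolved Maven dependency tree rather than from a hand-written list). The Maven coordinates, application name and version are constructed sample values, and `check_bom` applies a few basic consistency checks a downstream consumer would typically want, not the official CycloneDX schema validation.

```python
"""Build a minimal CycloneDX 1.4 JSON SBOM from Maven coordinates.

Stand-alone illustration of the document shape; in the real project the
cyclonedx-maven-plugin generates this from the resolved dependency tree.
"""
import json
import uuid
from datetime import datetime, timezone
from urllib.parse import quote

# Constructed sample input: coordinates a Maven build would normally resolve.
SAMPLE_DEPENDENCIES = [
    ("org.apache.commons", "commons-lang3", "3.12.0"),
    ("com.fasterxml.jackson.core", "jackson-databind", "2.13.2"),
    ("org.slf4j", "slf4j-api", "1.7.36"),
]


def maven_purl(group_id: str, artifact_id: str, version: str) -> str:
    """Package URL for a Maven artifact: pkg:maven/<groupId>/<artifactId>@<version>.

    Each segment is percent-encoded as the purl specification requires, so
    unusual characters in coordinates cannot corrupt the identifier.
    """
    return "pkg:maven/{}/{}@{}".format(
        quote(group_id, safe=""), quote(artifact_id, safe=""), quote(version, safe="")
    )


def component(group_id: str, artifact_id: str, version: str) -> dict:
    """One CycloneDX component entry for a library dependency."""
    purl = maven_purl(group_id, artifact_id, version)
    return {
        "type": "library",
        "bom-ref": purl,  # stable reference other BOM sections can point at
        "group": group_id,
        "name": artifact_id,
        "version": version,
        "purl": purl,  # the key a vulnerability database is matched against
    }


def build_bom(app_name: str, app_version: str, dependencies, serial=None, timestamp=None) -> dict:
    """Assemble the top-level BOM: format header, metadata about the
    application being described, and one component per dependency."""
    serial = serial or uuid.uuid4()
    timestamp = timestamp or datetime.now(timezone.utc)
    return {
        "bomFormat": "CycloneDX",
        "specVersion": "1.4",
        "serialNumber": f"urn:uuid:{serial}",
        "version": 1,
        "metadata": {
            "timestamp": timestamp.strftime("%Y-%m-%dT%H:%M:%SZ"),
            "component": {"type": "application", "name": app_name, "version": app_version},
        },
        "components": [component(*dep) for dep in dependencies],
    }


def check_bom(bom: dict) -> list:
    """Return the problems a consumer would flag before trusting the BOM:
    missing required keys, duplicate bom-refs, components without a purl."""
    problems = []
    for key in ("bomFormat", "specVersion", "components"):
        if key not in bom:
            problems.append(f"missing top-level key {key}")
    if bom.get("bomFormat") != "CycloneDX":
        problems.append("bomFormat must be CycloneDX")
    comps = bom.get("components", [])
    refs = [c.get("bom-ref") for c in comps]
    if len(refs) != len(set(refs)):
        problems.append("duplicate bom-ref")
    for c in comps:
        if not c.get("purl"):
            problems.append(f"component {c.get('name')} has no purl")
    return problems


def to_json(bom: dict) -> str:
    """Serialise the BOM as the plugin would write bom.json."""
    return json.dumps(bom, indent=2)


if __name__ == "__main__":
    # "example-app"/"1.0.0" are constructed values, not a real Steady release.
    bom = build_bom("example-app", "1.0.0", SAMPLE_DEPENDENCIES)
    print(to_json(bom))
    print("problems:", check_bom(bom))
```

The `purl` field is what makes the document useful for component analysis: it is the identifier a scanner such as Steady or Dependency-Track matches against vulnerability data, so a BOM whose components lack purls is emitted but effectively unusable for that purpose, which is why `check_bom` treats a missing purl as a problem.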

henrikplate commented 2 years ago

@VinodAnandan Thank you for creating the PR, it works well and produces an SBOM for the aggregator POM. Before I proceed with merging, can you please sign Eclipse's contributor agreement?

VinodAnandan commented 2 years ago

@henrikplate I have signed Eclipse's contributor agreement.