eclipse / steady

Analyses your Java applications for open-source dependencies with known vulnerabilities, using both static analysis and testing to determine code context and usage for greater accuracy. https://eclipse.github.io/steady/
Apache License 2.0

SBOM creation with prepare-release profile #567

Closed henrikplate closed 1 year ago

henrikplate commented 1 year ago

SBOMs are not created during every build, but only if the prepare-release profile is enabled (formerly called javadoc). The Jenkinsfile has been adjusted accordingly. Finally, the cyclonedx-maven-plugin has also been added to the modules rest-backend and rest-lib-utils, and updated to version 2.7.1.

To test the SBOM generation for all 18 modules and the aggregator, run mvn -DskipTests -Dspring.standalone clean install -P prepare-release,gradle, and check whether the SBOMs have been installed in the local M2 folder.
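The check the PR description asks for, scripted as an added example (this is not code from the PR or from the Steady project): run the release build with the profiles named above, then confirm that a CycloneDX SBOM was actually installed into the local Maven repository for each expected module and that it identifies itself as CycloneDX. It assumes that cyclonedx-maven-plugin attaches the BOM next to the module's jar under the `cyclonedx` classifier (`<artifactId>-<version>-cyclonedx.json`); the groupId `org.example`, the version `1.0.0` and the repository path are placeholders, and the demo at the end runs against a constructed fake repository so the script works offline.

```shell
#!/bin/sh
# Added example (not part of the PR or the Steady project): verify that the
# prepare-release build installed a CycloneDX SBOM per module.
#
# Assumptions (not stated on the page): cyclonedx-maven-plugin installs the
# BOM under the "cyclonedx" classifier, i.e.
#   <repo>/<group path>/<artifactId>/<version>/<artifactId>-<version>-cyclonedx.json
# groupId, version and repository path below are placeholders to adjust.

# The build exactly as the PR description suggests. Not invoked at top level
# so the verification helpers can be exercised offline.
build_release_sboms() {
    mvn -DskipTests -Dspring.standalone clean install -P prepare-release,gradle
}

# sbom_path REPO GROUP ARTIFACT VERSION -> path where the plugin is expected
# to have installed the JSON SBOM for that module.
sbom_path() {
    repo=$1; group=$2; artifact=$3; version=$4
    group_path=$(printf '%s' "$group" | tr . /)
    printf '%s/%s/%s/%s/%s-%s-cyclonedx.json' \
        "$repo" "$group_path" "$artifact" "$version" "$artifact" "$version"
}

# verify_sboms REPO GROUP VERSION ARTIFACT...
# Prints one line per artifact and returns the number of missing or invalid
# SBOMs, so 0 means every module shipped a usable CycloneDX document.
verify_sboms() {
    repo=$1; group=$2; version=$3; shift 3
    bad=0
    for artifact in "$@"; do
        f=$(sbom_path "$repo" "$group" "$artifact" "$version")
        if [ ! -s "$f" ]; then
            echo "MISSING  $f"
            bad=$((bad + 1))
        elif ! grep -q '"bomFormat"' "$f" || ! grep -q 'CycloneDX' "$f"; then
            # A file exists but does not carry the CycloneDX format marker.
            echo "INVALID  $f (no CycloneDX bomFormat marker)"
            bad=$((bad + 1))
        else
            echo "OK       $f"
        fi
    done
    return "$bad"
}

# Offline demo: a constructed local repository containing an SBOM for
# rest-backend only, so the run reports rest-lib-utils as missing.
demo() {
    tmp=$(mktemp -d)
    d="$tmp/org/example/rest-backend/1.0.0"
    mkdir -p "$d"
    printf '{ "bomFormat" : "CycloneDX", "specVersion" : "1.4" }' \
        > "$d/rest-backend-1.0.0-cyclonedx.json"
    verify_sboms "$tmp" org.example 1.0.0 rest-backend rest-lib-utils \
        || echo "$? SBOM(s) missing or invalid"
    rm -rf "$tmp"
}
demo

# Against a real local repository, after build_release_sboms has run:
# verify_sboms "$HOME/.m2/repository" org.example 1.0.0 rest-backend rest-lib-utils
```

The content check is deliberately shallow (presence of the `bomFormat` marker); a stricter gate would validate the file against the CycloneDX schema, but an empty or absent file is the failure mode a profile-gated build most commonly produces, and that is what the function catches.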