siculo
commented
2 years ago Hashes are on the way in 0.4.0 release.
Open pjfanning opened 2 years ago
siculo
commented
2 years ago Hashes are on the way in 0.4.0 release.
v0.3.0 does not add the hashes for the components (ie the dependent jars).
Examples can be seen in https://github.com/CycloneDX/bom-examples/blob/master/SBOM/dropwizard-1.3.15/bom.xml -- I'm not sure that all the hashes in the example are needed.
Some hashes should already be in the Coursier cache for each jar - Maven Central typically adds MD5 and SHA1. SBT or Coursier may provide support for getting these hashes or generating more.