OpenSource Name: CycloneDX/cyclonedx-maven-plugin
OpenSource Url: https://github.com/CycloneDX/cyclonedx-maven-plugin
OpenSource Language: Java 99.5%
OpenSource Introduction:

CycloneDX Maven Plugin

The CycloneDX Maven plugin generates a CycloneDX Software Bill of Materials (SBOM) containing the aggregate of all direct and transitive dependencies of a project. CycloneDX is a lightweight SBOM standard designed for use in application security contexts and supply chain component analysis.

Maven Usage

<!-- uses default configuration -->
<plugins>
    <plugin>
        <groupId>org.cyclonedx</groupId>
        <artifactId>cyclonedx-maven-plugin</artifactId>
        <version>2.7.1</version>
    </plugin>
</plugins>

Default Values

<plugins>
    <plugin>
        <groupId>org.cyclonedx</groupId>
        <artifactId>cyclonedx-maven-plugin</artifactId>
        <version>2.7.1</version>
        <executions>
            <execution>
                <phase>package</phase>
                <goals>
                    <goal>makeAggregateBom</goal>
                </goals>
            </execution>
        </executions>
        <configuration>
            <projectType>library</projectType>
            <schemaVersion>1.4</schemaVersion>
            <includeBomSerialNumber>true</includeBomSerialNumber>
            <includeCompileScope>true</includeCompileScope>
            <includeProvidedScope>true</includeProvidedScope>
            <includeRuntimeScope>true</includeRuntimeScope>
            <includeSystemScope>true</includeSystemScope>
            <includeTestScope>false</includeTestScope>
            <includeLicenseText>false</includeLicenseText>
            <outputReactorProjects>true</outputReactorProjects>
            <outputFormat>all</outputFormat>
            <outputName>bom</outputName>
        </configuration>
    </plugin>
</plugins>

Excluding Projects

With

Goals

The CycloneDX Maven plugin contains the following three goals:
By default, the BOM(s) will be attached as additional artifacts during a Maven install or deploy.
This may be switched off by setting
makeBom and makeAggregateBom can optionally be skipped completely by setting

CycloneDX Schema Support

The following table provides information on the version of this plugin, the CycloneDX schema version supported, as well as the output format options. Use the latest possible version of this plugin that is compatible with the CycloneDX version supported by the target system.

Maven Plugin Documentation

The Maven plugin documentation can be viewed online at https://cyclonedx.github.io/cyclonedx-maven-plugin/.

Copyright & License

CycloneDX Maven Plugin is Copyright (c) OWASP Foundation. All Rights Reserved. Permission to modify and redistribute is granted under the terms of the Apache 2.0 license. See the LICENSE file for the full license.
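
The Default Values block above can be used as a baseline in a build-pipeline check. The following is an added example, not code from the CycloneDX project: it reads a POM, overlays the plugin's <configuration> on the defaults listed on this page, and reports which settings were overridden and which Maven dependency scopes the resulting SBOM will omit. It assumes the settings sit directly in the plugin's own <configuration> element (parent POM inheritance, property interpolation and command-line overrides are not resolved); the function names and the sample POM are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Defaults copied from the "Default Values" block on this page (plugin 2.7.1).
DEFAULTS = {
    "projectType": "library", "schemaVersion": "1.4", "includeBomSerialNumber": "true",
    "includeCompileScope": "true", "includeProvidedScope": "true",
    "includeRuntimeScope": "true", "includeSystemScope": "true",
    "includeTestScope": "false", "includeLicenseText": "false",
    "outputReactorProjects": "true", "outputFormat": "all", "outputName": "bom",
}

# Constructed sample POM for a hypothetical project; not from a real repository.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0"><build><plugins><plugin>
  <groupId>org.cyclonedx</groupId><artifactId>cyclonedx-maven-plugin</artifactId>
  <version>2.7.1</version>
  <configuration>
    <includeProvidedScope>false</includeProvidedScope>
    <includeBomSerialNumber>true</includeBomSerialNumber>
  </configuration>
</plugin></plugins></build></project>"""

def local(tag):
    """Strip the '{namespace}' prefix ElementTree adds to POM element names."""
    return tag.rsplit("}", 1)[-1]

def child_text(elem, name):
    """Text of the first direct child element called `name`, or None."""
    return next(((c.text or "").strip() for c in elem if local(c.tag) == name), None)

def effective_config(pom_xml):
    """Return (config, overrides) for the CycloneDX plugin, or None if it is not declared."""
    for plugin in ET.fromstring(pom_xml).iter():
        coords = (child_text(plugin, "groupId"), child_text(plugin, "artifactId"))
        if local(plugin.tag) != "plugin" or coords != ("org.cyclonedx", "cyclonedx-maven-plugin"):
            continue
        config, overrides = dict(DEFAULTS), {}
        for section in (s for s in plugin if local(s.tag) == "configuration"):
            for opt in section:
                key, value = local(opt.tag), (opt.text or "").strip()
                config[key] = value
                if DEFAULTS.get(key) != value:
                    overrides[key] = value  # setting that deviates from the defaults
        return config, overrides
    return None

def omitted_scopes(config):
    """Maven dependency scopes that this configuration leaves out of the BOM."""
    return sorted(k[7:-5].lower() for k, v in config.items()
                  if k.startswith("include") and k.endswith("Scope") and v.lower() != "true")
```

Calling effective_config(SAMPLE_POM) and passing the returned config to omitted_scopes shows that the sample project drops provided-scope dependencies in addition to the test scope that the defaults already exclude.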