
Could the plugin write the components in a sorted order?

Open spliffone opened this issue 2 years ago • 0 comments

Problem

The JSON/XML CycloneDX SBOM writes the components just as they are in the source set. From a user perspective, I would like to commit the generated SBOM and see the changes in my Git history.

Proposal

Ordering the components by their PURL is quite helpful since changes in the metadata will not affect the output. Maybe an optional task input could enable the sorting.

```groovy
cyclonedxBom {
    // includeConfigs is the list of configuration names to include when generating the BOM (leave empty to include every configuration)
    includeConfigs += ["runtimeClasspath"]
    // persist the components in the output SBOM ordered by their PURL
    ordered = true
}
```

spliffone · Apr 29 '22 06:04
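What the requested ordering would look like as a post-processing step, as an added example that is not part of the issue or the plugin's own code: it sorts the `components` of a CycloneDX JSON BOM by PURL (recursing into nested components, with PURL-less components placed last), sorts `dependencies` and their `dependsOn` refs, and serializes with sorted keys so two BOMs that differ only in emission order produce byte-identical files for Git. The two BOMs are constructed sample data, not real plugin output.

```python
import json

# Constructed sample: a small CycloneDX 1.4 JSON BOM (not real plugin output).
BOM_A = {
    "bomFormat": "CycloneDX", "specVersion": "1.4",
    "components": [
        {"type": "library", "name": "guava", "version": "31.1-jre",
         "purl": "pkg:maven/com.google.guava/guava@31.1-jre"},
        {"type": "library", "name": "slf4j-api", "version": "1.7.36",
         "purl": "pkg:maven/org.slf4j/slf4j-api@1.7.36"},
        {"type": "library", "name": "local-lib", "version": "0.1"},  # no purl
    ],
    "dependencies": [
        {"ref": "pkg:maven/org.slf4j/slf4j-api@1.7.36", "dependsOn": []},
        {"ref": "pkg:maven/com.google.guava/guava@31.1-jre",
         "dependsOn": ["pkg:maven/org.slf4j/slf4j-api@1.7.36"]},
    ],
}
# Same content, emitted in a different source-set order.
BOM_B = json.loads(json.dumps(BOM_A))
BOM_B["components"].reverse()
BOM_B["dependencies"].reverse()


def component_key(c):
    # Primary key is the PURL; components without one sort last, by name/version.
    return (c.get("purl") is None, c.get("purl", ""),
            c.get("name", ""), c.get("version", ""))


def sort_bom(bom):
    """Return a deep copy of bom with components (recursively), dependencies
    and dependsOn lists in a deterministic order. The input is not modified."""
    out = json.loads(json.dumps(bom))

    def sort_components(comps):
        comps.sort(key=component_key)
        for c in comps:
            if "components" in c:          # nested components (e.g. assemblies)
                sort_components(c["components"])

    sort_components(out.get("components", []))
    for d in out.get("dependencies", []):
        d.get("dependsOn", []).sort()
    out.get("dependencies", []).sort(key=lambda d: d.get("ref", ""))
    return out


def canonical_json(bom):
    # Stable text form: sorted keys and fixed indent, so a Git diff only shows real changes.
    return json.dumps(sort_bom(bom), indent=2, sort_keys=True) + "\n"
```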