cyclonedx-maven-plugin icon indicating copy to clipboard operation
cyclonedx-maven-plugin copied to clipboard
verified publisher icon CycloneDX

Sort by artifactId

Open Bananeweizen opened this issue 2 years ago • 1 comments

I'm a big fan of stable and easy to read output for any tool. Therefore I'd like to provide a patch which sorts the projects in the reactor by artifact id, before doing any further work. That would lead to the "excluded" or "analyzing" output to be sorted, and might also lead to a more stable order in the generated output files. Right now, just changing module order in a reactor can lead to different output, although there hasn't been any semantic change from the dependency point of view.

Any concerns about that?

Bananeweizen avatar Jun 13 '23 13:06 Bananeweizen

sorting is a good idea: doing it at reactor level less :) just do the sorting once data has been extracted, then at SBOM object model level, and everything will be fine

I don't know if anybody will complain that components order won't match classpath order any more: we'll see (or need) community feedback

hboutemy avatar Jun 14 '23 06:06 hboutemy