sbt-bom
sbt bom.xml exporter
It would be really great if sbt-bom could integrate with sbt-assembly, so it'd accurately describe libraries included (or even shaded) into the artifact. Currently the Maven CycloneDX plugin [does not...
It would be nice if the generated bom could be published to wherever the project using sbt-bom is published, similar to [cyclonedx-maven-plugin](https://github.com/CycloneDX/cyclonedx-maven-plugin) and [spdx-maven-plugin](https://github.com/spdx/spdx-maven-plugin)
The project will be distributed under both the MIT license and the Hippocratic License 3.0. Here is the customized HL3 that will be used: https://firstdonoharm.dev/build?modules=sv
v0.3.0 does not add the hashes for the components (i.e. the dependent jars). Examples can be seen in https://github.com/CycloneDX/bom-examples/blob/master/SBOM/dropwizard-1.3.15/bom.xml -- I'm not sure that all the hashes in the example...
Actually, the latest version is 1.3.
Some items (i.e. "component") allow any attributes from a namespace other than the bom schema's namespace (lax validation). Custom attributes could be defined in the build.sbt, so that they are included...
Hi, recently I have been trying to use your sbt-bom plugin, which is officially recommended by CycloneDX, to build the bom.xml file. I compared the generated bom file with the Maven...
The repository gives a wrong suggestion on how to add the dependency. The line > libraryDependencies += "io.github.siculo" % "sbt-bom" % "0.3.0" is wrong. It should be > libraryDependencies +=...
As part of our efforts to improve the security and quality posture of the open source supply chain, we plan to enable additional scanning of dependencies for security alerts soon....
ModuleReport has no component description, even if the POM of its artifact has one.