sbt-bom icon indicating copy to clipboard operation
sbt-bom copied to clipboard
verified publisher icon siculo

include component hashes

Open pjfanning opened this issue 3 years ago • 1 comments

v0.3.0 does not add the hashes for the components (ie the dependent jars).

Examples can be seen in https://github.com/CycloneDX/bom-examples/blob/master/SBOM/dropwizard-1.3.15/bom.xml -- I'm not sure that all the hashes in the example are needed.

Some hashes should already be in the Coursier cache for each jar - Maven Central typically adds MD5 and SHA1. SBT or Coursier may provide support for getting these hashes or generating more.

pjfanning avatar Jul 19 '22 21:07 pjfanning

Hashes are on the way in 0.4.0 release.

siculo avatar Aug 09 '22 13:08 siculo