sbt-bom icon indicating copy to clipboard operation
sbt-bom copied to clipboard
verified publisher icon siculo

support SPDX

Open raboof opened this issue 1 year ago • 2 comments

Should we also support publishing the SBOM in SPDX format?

raboof avatar Nov 13 '24 13:11 raboof

This could be pretty easy using https://github.com/spdx/cdx2spdx It's available on maven.

lhns avatar Dec 12 '24 11:12 lhns

Interesting find! It's hard to predict whether it'll be easier to pull in that dependency or to generate SPDX 'directly', but both approaches are worth a try!

raboof avatar Dec 12 '24 11:12 raboof