BUILD-1513 Add cycloneDX plugin for sbom management (#78)

tomverin · web-flow · commit 3effe99ee88d · 2022-04-12T10:59:07.000+02:00
diff --git a/pom.xml b/pom.xml
@@ -129,6 +129,7 @@
     <version.codehaus.license.plugin>2.0.0</version.codehaus.license.plugin>
     <version.mycila.license.plugin>3.0</version.mycila.license.plugin>
     <version.gpg.plugin>0.3.1</version.gpg.plugin>
+    <version.cyclonedx.plugin>2.5.3</version.cyclonedx.plugin>
 
     <!-- To configure maven-license-plugin to check license headers -->
     <license.name>GNU LGPL v3</license.name>
@@ -330,6 +331,23 @@
           <artifactId>sign-maven-plugin</artifactId>
           <version>${version.gpg.plugin}</version>
         </plugin>
+        <plugin>
+          <groupId>org.cyclonedx</groupId>
+          <artifactId>cyclonedx-maven-plugin</artifactId>
+          <version>${version.cyclonedx.plugin}</version>
+          <configuration>
+            <projectType>application</projectType>
+            <includeBomSerialNumber>true</includeBomSerialNumber>
+            <includeCompileScope>true</includeCompileScope>
+            <includeProvidedScope>true</includeProvidedScope>
+            <includeRuntimeScope>true</includeRuntimeScope>
+            <includeSystemScope>true</includeSystemScope>
+            <includeTestScope>true</includeTestScope>
+            <includeLicenseText>false</includeLicenseText>
+            <outputFormat>json</outputFormat>
+            <outputName>bom</outputName>
+          </configuration>
+        </plugin>
       </plugins>
     </pluginManagement>
 
