Support custom named cyclonedx maven bom output #518

Closed
benmss opened this issue Oct 18, 2023 · 0 comments · Fixed by #524

benmss commented Oct 18, 2023

Some artifacts use a custom name for the SBOM output of cyclonedx-maven via the property outputName. This is either specified in the artifact's pom.xml or is inherited from a parent.
E.g. apache/commons-io with parent of commons-parent

<configuration>
    <outputName>${project.artifactId}-${project.version}-bom</outputName>
</configuration>

Thereby creating the file: commons-lang3-<version>-bom.json instead of the default bom.json as Macaron expects.

Supplying the property with the default value in Macaron does not appear to override the inherited value.
An alternative solution is to accept all json files in the expected directory, and rely upon current validation to filter out any bad files.

Artifacts with custom directories in their cyclonedx configuration are not considered in this issue, due to the considerable amount of extra complexity that would add.

benmss added the enhancement and SBOM labels Oct 18, 2023
benmss self-assigned this Oct 18, 2023
benmss closed this as completed Jan 8, 2024
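
The alternative proposed in the issue above (accept every JSON file in the expected directory and let validation discard the bad ones) could look like the sketch below. It is an added example, not Macaron's code or part of the issue: the function names, the size cap and the sample file names are assumptions, and the check shown is a minimal structural test for CycloneDX JSON rather than Macaron's own validation.

```python
import json
import tempfile
from pathlib import Path

MAX_BOM_BYTES = 50 * 1024 * 1024  # assumed cap: skip oversized files instead of parsing them


def load_cyclonedx_bom(path: Path) -> "dict | None":
    """Return the parsed BOM if path looks like a CycloneDX JSON document, else None."""
    try:
        # Build output is untrusted input: ignore symlinks, non-files and huge files.
        if path.is_symlink() or not path.is_file() or path.stat().st_size > MAX_BOM_BYTES:
            return None
        doc = json.loads(path.read_text(encoding="utf-8"))
    except (OSError, ValueError):  # unreadable, not UTF-8, or not valid JSON
        return None
    # CycloneDX JSON documents carry bomFormat == "CycloneDX" and a specVersion string.
    if not isinstance(doc, dict) or doc.get("bomFormat") != "CycloneDX":
        return None
    if not isinstance(doc.get("specVersion"), str):
        return None
    if not isinstance(doc.get("components", []), list):
        return None
    return doc


def find_boms(target_dir: Path) -> "dict[str, dict]":
    """Map file name -> parsed BOM for each valid CycloneDX JSON file directly in target_dir."""
    found = {}
    for candidate in sorted(target_dir.glob("*.json")):  # no recursion: one expected directory
        bom = load_cyclonedx_bom(candidate)
        if bom is not None:
            found[candidate.name] = bom
    return found


def demo() -> list:
    """Build a constructed output directory and return the file names accepted as BOMs."""
    with tempfile.TemporaryDirectory() as tmp:
        target = Path(tmp)
        bom = {"bomFormat": "CycloneDX", "specVersion": "1.4", "components": []}
        # Constructed samples: a custom-named BOM, an unrelated JSON file, a truncated file.
        (target / "example-lib-1.0.0-bom.json").write_text(json.dumps(bom))
        (target / "surefire-report.json").write_text(json.dumps({"tests": 3}))
        (target / "broken-bom.json").write_text('{"bomFormat": "CycloneDX",')
        return list(find_boms(target))


if __name__ == "__main__":
    print(demo())
```

Because any file matching `*.json` is now a candidate, a caller that expects exactly one BOM per artifact still has to decide what to do when `find_boms` returns more than one entry.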