Provide Software Bill of Materials (SBOM)

- Add cyclonedx plugin to generate SBOM (Software Bill of Materials)
- The SBOM is attached and deployed into maven central
- The SBOM is also included in the binary distribution of PMD

See https://github.com/CycloneDX/cyclonedx-maven-plugin
Andreas Dangel 2023-04-06 12:49:37 +02:00
parent 7a89f550d9
commit ae0bf240d7
No known key found for this signature in database
GPG Key ID: 93450DF2DF9A3FA3
4 changed files with 43 additions and 0 deletions
@ -40,6 +40,8 @@ This section lists the most important changes from the last release candidate.
The remaining section describe the complete release notes for 7.0.0.
Fixed Issues:
* miscellaneous
* [#4462](https://github.com/pmd/pmd/issues/4462): Provide Software Bill of Materials (SBOM)
* java-codestyle
* [#4273](https://github.com/pmd/pmd/issues/4273): \[java] CommentDefaultAccessModifier ignoredAnnotations should include "org.junit.jupiter.api.extension.RegisterExtension" by default
* java-errorprone
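Review bot: the new #4462 entry under miscellaneous names the feature but not where users find the SBOM; consider adding a sentence that the CycloneDX BOM ships in the sbom/ directory of the binary distribution as pmd-<version>-cyclonedx.xml and .json and is published alongside the Maven artifacts, since anyone who wants to feed it to a vulnerability scanner needs that path.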
@ -208,6 +210,7 @@ See [Detailed Release Notes for PMD 7](pmd_release_notes_pmd7.html).
* [#2497](https://github.com/pmd/pmd/issues/2497): PMD 7 Logo page
* [#2498](https://github.com/pmd/pmd/issues/2498): Update PMD 7 Logo in documentation
* [#3797](https://github.com/pmd/pmd/issues/3797): \[all] Use JUnit5
* [#4462](https://github.com/pmd/pmd/issues/4462): Provide Software Bill of Materials (SBOM)
* ant
* [#4080](https://github.com/pmd/pmd/issues/4080): \[ant] Split off Ant integration into a new submodule
* core
@ -53,6 +53,19 @@
</fileSet>
</fileSets>
<files>
<file>
<source>target/bom.xml</source>
<outputDirectory>sbom</outputDirectory>
<destName>pmd-${project.version}-cyclonedx.xml</destName>
</file>
<file>
<source>target/bom.json</source>
<outputDirectory>sbom</outputDirectory>
<destName>pmd-${project.version}-cyclonedx.json</destName>
</file>
</files>
<dependencySets>
<!-- shell completion goes to shell/ -->
<dependencySet>
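Review bot: the two new <file> entries read target/bom.xml and target/bom.json relative to the module that runs the assembly; confirm that makeAggregateBom writes its output there (not only in the reactor root) and that it runs before the assembly plugin, because both are bound to the package phase and Maven then executes them in POM declaration order. A missing file makes the assembly fail, which is the right outcome, but a short comment above the <file> block saying that the BOM comes from the cyclonedx-maven-plugin would save the next reader a search.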
@ -87,6 +87,8 @@ class BinaryDistributionIT extends AbstractBinaryDistributionTest {
result.add(basedir + "shell/pmd-completion.sh");
result.add(basedir + "lib/pmd-core-" + PMDVersion.VERSION + ".jar");
result.add(basedir + "lib/pmd-java-" + PMDVersion.VERSION + ".jar");
result.add(basedir + "sbom/pmd-" + PMDVersion.VERSION + "-cyclonedx.xml");
result.add(basedir + "sbom/pmd-" + PMDVersion.VERSION + "-cyclonedx.json");
return result;
}
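Review bot: the two added result.add(...) lines only make the IT assert that the SBOM files exist in the distribution; consider also checking that they are non-empty and parse as CycloneDX (for example that the JSON has "bomFormat": "CycloneDX" and a non-empty components array), so that a misconfigured plugin emitting an empty BOM is caught before a release rather than by a downstream scanner.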

pom.xml

@ -503,6 +503,11 @@
<artifactId>jacoco-maven-plugin</artifactId>
<version>0.8.8</version>
</plugin>
<plugin>
<groupId>org.cyclonedx</groupId>
<artifactId>cyclonedx-maven-plugin</artifactId>
<version>2.7.6</version>
</plugin>
<!--This plugin's configuration is used to store Eclipse
m2e settings only. It has no influence on the Maven build itself. -->
<plugin>
@ -624,6 +629,26 @@
<nexusUrl>https://oss.sonatype.org/</nexusUrl>
</configuration>
</plugin>
<plugin>
<groupId>org.cyclonedx</groupId>
<artifactId>cyclonedx-maven-plugin</artifactId>
<executions>
<execution>
<phase>package</phase>
<goals>
<goal>makeAggregateBom</goal>
</goals>
</execution>
</executions>
<!-- https://github.com/CycloneDX/cyclonedx-maven-plugin/issues/326 -->
<dependencies>
<dependency>
<groupId>org.ow2.asm</groupId>
<artifactId>asm</artifactId>
<version>9.5</version>
</dependency>
</dependencies>
</plugin>
</plugins>
</build>
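Review bot: the <dependencies> override pinning org.ow2.asm:asm 9.5 is justified only by a bare issue URL in the comment; say in the comment what the override works around so it can be dropped once the upstream issue is resolved and the plugin is upgraded past 2.7.6. Also, the commit message says the SBOM is deployed to Maven Central, but nothing in this hunk configures attachment; confirm that the plugin's defaults attach the generated BOM as a classifier artifact and that it is signed and staged with the other artifacts by the existing deploy configuration.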