Our great sponsors
-
-
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
-
There is a CylconeDX plugin available on Maven central and Github that appears to be well-maintained and commonly used.
For SPDX, there is a Maven plugin as well. However, this is still marked as a prototype. In the example below, I used the latest version (at the time of writing) with a similar configuration as mentioned in the GitHub README. Additionally, I bound the SPDX creation task to the package phase, similar to the CycloneDX example.
Alternatively, there is command line tool available called spdx-sbom-generator. This CLI tool can generate SPDX SBOMs for many package managers, including Maven for Java applications. Gradle is currently not supported.
There is a CyconeDX plugin available for Gradle. Just like the Maven plugin we discussed earlier, the Gradle plugin is released by the CycloneDX organization on Github with some of the same maintainers as the Maven plugin.
Related posts
- Krita fund has 0 corporate support
- Who in your organization is responsible for deciding and implementing AppSec tools? And any recommendations for a reliable alternative for Snyk tools? Thanks!
- SBOM management program?
- Go, SBOM and DependencyTrack
- How to Automate the Software Bill of Materials (SBOM)