
CycloneDX / cyclonedx-maven-plugin

License: Apache-2.0
Creates CycloneDX Software Bill of Materials (SBOM) from Maven projects



CycloneDX Maven Plugin

The CycloneDX Maven plugin collects all direct and transitive dependencies of a project and produces a valid CycloneDX SBOM from them. CycloneDX is a lightweight software bill of materials (SBOM) specification designed for use in application security contexts and supply chain component analysis.

Maven Usage

<!-- uses default configuration -->
<plugins>
    <plugin>
        <groupId>org.cyclonedx</groupId>
        <artifactId>cyclonedx-maven-plugin</artifactId>
        <version>2.6.0</version>
    </plugin>
</plugins>

Default Values

<plugins>
    <plugin>
        <groupId>org.cyclonedx</groupId>
        <artifactId>cyclonedx-maven-plugin</artifactId>
        <version>2.6.0</version>
        <executions>
            <execution>
                <phase>package</phase>
                <goals>
                    <goal>makeAggregateBom</goal>
                </goals>
            </execution>
        </executions>
        <configuration>
            <projectType>library</projectType>
            <schemaVersion>1.4</schemaVersion>
            <includeBomSerialNumber>true</includeBomSerialNumber>
            <includeCompileScope>true</includeCompileScope>
            <includeProvidedScope>true</includeProvidedScope>
            <includeRuntimeScope>true</includeRuntimeScope>
            <includeSystemScope>true</includeSystemScope>
            <includeTestScope>false</includeTestScope>
            <includeLicenseText>false</includeLicenseText>
            <outputFormat>all</outputFormat>
            <outputName>bom</outputName>
        </configuration>
    </plugin>
</plugins>

Excluding Projects

With the makeAggregateBom goal it is possible to exclude certain Maven projects (selected by artifactId) from the aggregate BOM:

  • Pass -DexcludeTestProject=true to skip any Maven project whose artifactId contains the word "test"
  • Pass -DexcludeArtifactId=<comma-separated artifactIds> to skip specific projects by artifactId

Notes

As of v2.6.0, the default CycloneDX schema version is 1.4 (see the Default Values above and the compatibility table below), and with outputFormat set to all the plugin produces both XML and JSON. Set schemaVersion explicitly when the system that will consume the BOM only accepts an older schema.

Goals

The CycloneDX Maven plugin contains the following three goals:

  • makeBom
  • makeAggregateBom
  • makePackageBom

By default, the BOM(s) are attached as additional artifacts (classifier cyclonedx) during a Maven install or deploy, so they are published next to the main artifact as:

  • ${project.artifactId}-${project.version}-cyclonedx.xml
  • ${project.artifactId}-${project.version}-cyclonedx.json

This may be switched off by setting cyclonedx.skipAttach to true.

makeBom and makeAggregateBom can optionally be skipped completely by setting cyclonedx.skip to true.

CycloneDX Schema Support

The following table lists each version of this plugin, the CycloneDX schema version it supports, and the output formats it can produce. Use the latest plugin version whose schema version is accepted by the system that will consume the BOM.

Version   Schema Version   Format(s)
2.6.x     CycloneDX v1.4   XML/JSON
2.5.x     CycloneDX v1.3   XML/JSON
2.0.x     CycloneDX v1.2   XML/JSON
1.4.x     CycloneDX v1.1   XML
1.0.x     CycloneDX v1.0   XML
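The BOM attached during install or deploy (Goals, above) is what downstream systems will trust, and the table above is what decides whether they accept it at all. The following Python script is an added example, not part of the plugin or of the original README: it performs the checks a practitioner would run over target/bom.json before the artifact is published, namely that the file is a CycloneDX document at the schema version the consumer accepts, that the serial number is a real urn:uuid (includeBomSerialNumber), that every component carries a unique bom-ref, a pkg:maven package URL and at least one hash, and that the dependency graph contains no edges to components that were never declared. Field names follow the CycloneDX 1.4 JSON layout; the embedded SAMPLE_BOM is constructed for illustration, with a placeholder SHA-256 value and a deliberately dangling dependency edge so the checks have something to report.

```python
"""Sanity-check a CycloneDX JSON BOM (e.g. target/bom.json) before publishing it."""
import json
import re
import sys
from typing import List

# Schema versions listed in the compatibility table of the plugin README.
KNOWN_SPEC_VERSIONS = {"1.0", "1.1", "1.2", "1.3", "1.4"}

# CycloneDX serial numbers are RFC 4122 UUID URNs.
SERIAL_RE = re.compile(
    r"^urn:uuid:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I
)
# Minimal shape of a Maven package URL: pkg:maven/<group>/<artifact>@<version>[?qualifiers]
MAVEN_PURL_RE = re.compile(r"^pkg:maven/[^/@]+/[^/@]+@[^?#]+(\?[^#]*)?$")


def check_bom(bom: dict, target_spec: str = "1.4") -> List[str]:
    """Return a list of problems; an empty list means the BOM passed every check."""
    problems: List[str] = []

    if bom.get("bomFormat") != "CycloneDX":
        problems.append("bomFormat is not 'CycloneDX'")

    spec = bom.get("specVersion")
    if spec not in KNOWN_SPEC_VERSIONS:
        problems.append(f"unknown specVersion {spec!r}")
    elif spec != target_spec:
        problems.append(f"specVersion {spec} does not match what the target system accepts ({target_spec})")

    serial = bom.get("serialNumber")
    if not isinstance(serial, str) or not SERIAL_RE.match(serial):
        problems.append("serialNumber missing or not a urn:uuid (check includeBomSerialNumber)")

    # Collect every bom-ref so the dependency graph can be checked for dangling edges.
    refs = set()
    subject = bom.get("metadata", {}).get("component")
    if not subject:
        problems.append("metadata.component (the artifact this BOM describes) is missing")
    elif subject.get("bom-ref"):
        refs.add(subject["bom-ref"])

    for comp in bom.get("components", []):
        ref = comp.get("bom-ref")
        label = ref or comp.get("name", "<unnamed>")
        if not ref:
            problems.append(f"component {label} has no bom-ref")
        elif ref in refs:
            problems.append(f"duplicate bom-ref {ref}")
        else:
            refs.add(ref)
        purl = comp.get("purl")
        if not isinstance(purl, str) or not MAVEN_PURL_RE.match(purl):
            problems.append(f"component {label} has no valid pkg:maven purl")
        # Without a hash the component cannot be matched to a concrete artifact.
        if not comp.get("hashes"):
            problems.append(f"component {label} carries no hashes")

    for dep in bom.get("dependencies", []):
        ref = dep.get("ref")
        if ref not in refs:
            problems.append(f"dependency entry {ref!r} is not a declared component")
        for target in dep.get("dependsOn", []):
            if target not in refs:
                problems.append(f"{ref} dependsOn undeclared component {target}")

    return problems


# Constructed sample (not real plugin output): one healthy component, one without
# hashes, and a dependsOn edge to a component that was never declared.
_DEMO = "pkg:maven/com.example/demo@1.0.0?type=jar"
_SLF4J = "pkg:maven/org.slf4j/slf4j-api@1.7.36?type=jar"
_JUNIT = "pkg:maven/junit/junit@4.13.2?type=jar"
SAMPLE_BOM = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
    "version": 1,
    "metadata": {"component": {"type": "library", "bom-ref": _DEMO, "group": "com.example",
                               "name": "demo", "version": "1.0.0", "purl": _DEMO}},
    "components": [
        {"type": "library", "bom-ref": _SLF4J, "group": "org.slf4j", "name": "slf4j-api",
         "version": "1.7.36", "scope": "required", "purl": _SLF4J,
         "hashes": [{"alg": "SHA-256", "content": "0" * 64}]},  # placeholder digest
        {"type": "library", "bom-ref": _JUNIT, "group": "junit", "name": "junit",
         "version": "4.13.2", "scope": "excluded", "purl": _JUNIT, "hashes": []},
    ],
    "dependencies": [
        {"ref": _DEMO, "dependsOn": [_SLF4J, "pkg:maven/org.apache.commons/commons-lang3@3.12.0?type=jar"]},
        {"ref": _SLF4J, "dependsOn": []},
    ],
}

if __name__ == "__main__":
    # Usage: python check_bom.py [path-to-bom.json] [target-spec-version]
    path = sys.argv[1] if len(sys.argv) > 1 else "target/bom.json"
    target = sys.argv[2] if len(sys.argv) > 2 else "1.4"
    with open(path, encoding="utf-8") as fh:
        found = check_bom(json.load(fh), target_spec=target)
    for problem in found:
        print("PROBLEM:", problem)
    sys.exit(1 if found else 0)
```

Run it against the JSON the plugin writes (target/bom.json, or the -cyclonedx.json artifact in the local repository) with the schema version your consumer accepts as the second argument; a non-zero exit from a CI step stops the deploy before an unusable or incomplete BOM is published. The dangling-edge check is the one most worth keeping: a dependsOn reference to an undeclared component means the graph and the component list disagree, and a consumer that walks the graph will silently miss that dependency.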

Copyright & License

CycloneDX Maven Plugin is Copyright (c) OWASP Foundation. All Rights Reserved.

Permission to modify and redistribute is granted under the terms of the Apache 2.0 license. See the LICENSE file for the full license.
