jskov-jyskebank-dk / cyclonedx-gradle-plugin

Creates CycloneDX Software Bill-of-Materials (SBoM) from Gradle projects

Home Page: https://cyclonedx.org/


CycloneDX Gradle Plugin

The CycloneDX Gradle plugin collects all direct and transitive dependencies of a project and produces a valid CycloneDX bill-of-materials document from them. CycloneDX is a lightweight BoM specification that is easy to create, human readable, and simple to parse. The resulting bom.xml can be fed to tools such as OWASP Dependency-Track for continuous analysis of the components a build actually ships.

Usage

Execution:

gradle cyclonedxBom

Output CycloneDX Generation Info:

gradle cyclonedxBom --info

Exclude BOM Serial Number:

gradle cyclonedxBom -Pcyclonedx.includeBomSerialNumber=false

build.gradle (excerpt)

plugins {
    id 'org.cyclonedx.bom' version '1.0.0' apply true
}

apply plugin: 'java'
apply plugin: 'maven'

repositories {
    mavenCentral()
}

settings.gradle (excerpt)

pluginManagement {
    resolutionStrategy {
        eachPlugin {
            if (requested.id.toString() == 'org.cyclonedx.bom') {
                useModule('org.cyclonedx:cyclonedx-gradle-plugin:1.0.0')
            }
        }
    }
    repositories {
        mavenCentral()
    }
}

Once a BOM is generated, it will reside at ./build/reports/bom.xml.
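Before handing the generated bom.xml to a consumer such as Dependency-Track, it is worth checking what it actually contains. The reader below is an added example, not code from the plugin: it lists the components in a CycloneDX XML BOM and flags any that carry no package URL or no hash, since those can only be matched by name and version. The embedded BOM is a constructed sample, and the 1.0 schema namespace is an assumption about what plugin 1.0.0 emits; the reader ignores the namespace so it works for other schema versions too.

```python
"""Read a CycloneDX bom.xml and flag components that are hard to identify."""
import xml.etree.ElementTree as ET

# Constructed sample BOM (hash values are placeholders, not real digests).
SAMPLE_BOM = """<?xml version="1.0" encoding="UTF-8"?>
<bom xmlns="http://cyclonedx.org/schema/bom/1.0" version="1" serialNumber="urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79">
  <components>
    <component type="library">
      <group>org.apache.commons</group>
      <name>commons-lang3</name>
      <version>3.9</version>
      <hashes><hash alg="SHA-256">0123abcd</hash></hashes>
      <purl>pkg:maven/org.apache.commons/[email protected]</purl>
    </component>
    <component type="library">
      <group>com.example</group>
      <name>internal-util</name>
      <version>1.2.0</version>
    </component>
  </components>
</bom>
"""


def _local(tag):
    """Strip the XML namespace so the reader is schema-version agnostic."""
    return tag.rsplit("}", 1)[-1]


def parse_bom(xml_text):
    """Return (serialNumber or None, list of component dicts)."""
    # ElementTree is fine for a BOM your own build produced; use a hardened
    # parser (e.g. defusedxml) before parsing BOMs received from third parties.
    root = ET.fromstring(xml_text)
    comps = []
    for el in root.iter():
        if _local(el.tag) != "component":
            continue
        fields = {_local(c.tag): (c.text or "").strip() for c in el}
        hashes = {h.get("alg"): h.text for h in el.iter() if _local(h.tag) == "hash"}
        comps.append({"group": fields.get("group", ""), "name": fields["name"],
                      "version": fields.get("version", ""),
                      "purl": fields.get("purl"), "hashes": hashes})
    return root.get("serialNumber"), comps


def find_gaps(components):
    """Names of components lacking a purl or any hash: a consumer can only
    match these on name/version, so vulnerability lookups may miss them."""
    return [c["name"] for c in components if not c["purl"] or not c["hashes"]]


if __name__ == "__main__":
    serial, comps = parse_bom(SAMPLE_BOM)
    print(f"serial={serial} components={len(comps)} gaps={find_gaps(comps)}")
```

Point it at ./build/reports/bom.xml instead of SAMPLE_BOM to check a real build; a BOM generated with -Pcyclonedx.includeBomSerialNumber=false will return None for the serial number.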

Copyright & License

CycloneDX Gradle Plugin is Copyright (c) Steve Springett. All Rights Reserved.

Permission to modify and redistribute is granted under the terms of the Apache 2.0 license. See the LICENSE file for the full license.
