Provide SBOM as released artifacts when releasing (#1631)

Signed-off-by: Andrea Cosentino <ancosen@gmail.com>
apache · Sep 7, 2023 · 4e8f2f8 · 4e8f2f8
1 parent 17cf92e
commit 4e8f2f8
Showing 1 changed file with 17 additions and 0 deletions.
diff --git a/pom.xml b/pom.xml
@@ -424,6 +424,23 @@
                             </failIfNoFiles><!-- usually, no file to do checksum: don't consider error -->
                         </configuration>
                     </plugin>
+                   <plugin>
+                   <groupId>org.cyclonedx</groupId>
+                   <artifactId>cyclonedx-maven-plugin</artifactId>
+                   <version>${cyclonedx-maven-plugin-version}</version>
+                   <inherited>false</inherited>
+                   <executions>
+                       <execution>
+                           <phase>package</phase>
+                           <goals>
+                               <goal>makeAggregateBom</goal>
+                           </goals>
+                      </execution>
+                   </executions>
+                   <configuration>
+                         <outputName>${project.artifactId}-${project.version}-sbom</outputName>
+                   </configuration>
+                </plugin>
                 </plugins>
             </build>
         </profile>