How to Generate SBOM for Java Maven Projects

Can Özkan
2 min read, Jan 10, 2024


In Java development, where dependency trees are deep and mostly transitive, knowing exactly what ships in a build is a prerequisite for any security work. A Software Bill of Materials (SBOM) lists the components that make up a project, with their versions, identifiers and hashes, so they can be matched against vulnerability data and verified against the artifacts actually deployed. This post walks through generating SBOM files for Java Maven projects.

Link: https://github.com/CycloneDX/cyclonedx-core-java (the CycloneDX core Java library; the Maven plugin used below is built on it)

Add the CycloneDX Maven plugin (org.cyclonedx:cyclonedx-maven-plugin) to the <build><plugins> section of pom.xml.

With the plugin declared, run its goal (makeAggregateBom, which also covers multi-module builds) to generate the SBOM files.

The output is written to Maven's target directory, created if it does not already exist.

SBOM files in both JSON and XML formats (by default target/bom.json and target/bom.xml) are available to be consumed.
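The plugin snippet and command from the original post did not survive in this copy, so the following is an added example, not the author's code or the CycloneDX project's own. It assumes org.cyclonedx:cyclonedx-maven-plugin with its default output names (target/bom.json, target/bom.xml); the plugin version in the snippet is an assumption, use the current release. The script carries the pom.xml declaration, runs the goal, and then consumes both output formats: it cross-checks that JSON and XML list the same components with the same digests and flags any component that has no SHA-256, since such an entry cannot be matched to a jar on disk or in a repository. The sample BOM embedded at the bottom is constructed so the checks run offline.

```python
"""Declare the CycloneDX Maven plugin, run it, and inspect what it wrote.

Added example for this post, not code from the original article or from
the CycloneDX project. Assumes org.cyclonedx:cyclonedx-maven-plugin and
its default output names (target/bom.json, target/bom.xml).
"""
import json
import subprocess
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Paste inside <build><plugins> in pom.xml. The version is an assumption.
CYCLONEDX_PLUGIN_XML = """\
<plugin>
  <groupId>org.cyclonedx</groupId>
  <artifactId>cyclonedx-maven-plugin</artifactId>
  <version>2.7.9</version>
  <executions>
    <execution>
      <phase>package</phase>
      <goals><goal>makeAggregateBom</goal></goals>
    </execution>
  </executions>
  <configuration>
    <outputFormat>all</outputFormat>
    <outputName>bom</outputName>
  </configuration>
</plugin>
"""


def generate_sbom(project_dir: str) -> Path:
    """Invoke the goal by its full coordinates (works even before the plugin
    is declared in pom.xml) and return the directory holding the BOM files."""
    subprocess.run(
        ["mvn", "-B", "org.cyclonedx:cyclonedx-maven-plugin:makeAggregateBom"],
        cwd=project_dir, check=True)
    return Path(project_dir) / "target"


def components_from_json(path: Path) -> dict[str, dict[str, str]]:
    """Map purl -> {hash algorithm: digest} from a CycloneDX JSON BOM."""
    bom = json.loads(Path(path).read_text(encoding="utf-8"))
    return {
        c["purl"]: {h["alg"]: h["content"] for h in c.get("hashes", [])}
        for c in bom.get("components", []) if "purl" in c
    }


def components_from_xml(path: Path) -> dict[str, dict[str, str]]:
    """Same view from the XML BOM; the namespace is taken from the root tag
    so any CycloneDX schema version parses."""
    root = ET.parse(path).getroot()
    ns = root.tag[1:root.tag.index("}")] if root.tag.startswith("{") else ""

    def q(tag: str) -> str:
        return f"{{{ns}}}{tag}" if ns else tag

    result: dict[str, dict[str, str]] = {}
    comps = root.find(q("components"))
    for comp in ([] if comps is None else comps.findall(q("component"))):
        purl = comp.findtext(q("purl"))
        if purl is None:
            continue
        hashes_el = comp.find(q("hashes"))
        result[purl] = {} if hashes_el is None else {
            h.get("alg"): (h.text or "") for h in hashes_el.findall(q("hash"))}
    return result


def unverifiable(components: dict[str, dict[str, str]], alg: str = "SHA-256") -> list[str]:
    """purls carrying no digest of the given algorithm; those entries cannot be
    tied to a concrete artifact, so a consumer should treat them as unverified."""
    return sorted(p for p, h in components.items() if alg not in h)


def check_sbom(target_dir: Path) -> dict:
    """Cross-check the two formats and summarise what a consumer needs to know."""
    js = components_from_json(target_dir / "bom.json")
    xm = components_from_xml(target_dir / "bom.xml")
    return {"components": len(js), "formats_agree": js == xm,
            "missing_sha256": unverifiable(js)}


# Constructed sample (not real plugin output): one component with a digest,
# one SNAPSHOT without any, so the checks have something to flag.
DIGEST = "ab" * 32
JACKSON = "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.15.2?type=jar"
INTERNAL = "pkg:maven/com.example/internal-lib@1.0-SNAPSHOT?type=jar"
SAMPLE_JSON = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.4", "version": 1,
    "components": [
        {"type": "library", "name": "jackson-databind", "version": "2.15.2",
         "purl": JACKSON, "hashes": [{"alg": "SHA-256", "content": DIGEST}]},
        {"type": "library", "name": "internal-lib", "version": "1.0-SNAPSHOT",
         "purl": INTERNAL},
    ]})
SAMPLE_XML = f"""<?xml version="1.0" encoding="UTF-8"?>
<bom xmlns="http://cyclonedx.org/schema/bom/1.4" version="1">
  <components>
    <component type="library"><name>jackson-databind</name><version>2.15.2</version>
      <hashes><hash alg="SHA-256">{DIGEST}</hash></hashes><purl>{JACKSON}</purl></component>
    <component type="library"><name>internal-lib</name><version>1.0-SNAPSHOT</version>
      <purl>{INTERNAL}</purl></component>
  </components>
</bom>
"""


def write_sample(target_dir: Path) -> Path:
    """Write the constructed sample where the plugin would put its output."""
    target_dir.mkdir(parents=True, exist_ok=True)
    (target_dir / "bom.json").write_text(SAMPLE_JSON, encoding="utf-8")
    (target_dir / "bom.xml").write_text(SAMPLE_XML, encoding="utf-8")
    return target_dir


def demo() -> dict:
    """Run check_sbom over the constructed sample in a temporary directory."""
    with tempfile.TemporaryDirectory() as d:
        return check_sbom(write_sample(Path(d) / "target"))


if __name__ == "__main__":
    # Against a real project: print(check_sbom(generate_sbom("/path/to/project")))
    print(demo())
```

Once the plugin is declared in pom.xml the shorter `mvn cyclonedx:makeAggregateBom` also resolves, and binding the goal to the package phase (as in the snippet) makes every `mvn package` refresh the SBOM, which is what you want if the SBOM is published alongside the artifact.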

This work has been supported in part by the Energy Transition Fund of the FPS Economy of Belgium through the CYPRESS project, and in part by the VLAIO COOCK program through the IIoT-SBOM project.

Thanks for reading.


Can Özkan

Security Researcher, Penetration Tester, and Reverse Engineer