Open source software name (OpenSource Name): CycloneDX/cyclonedx-gradle-plugin
Open source software URL (OpenSource Url): https://github.com/CycloneDX/cyclonedx-gradle-plugin
Open source programming language (OpenSource Language): Java 81.0%
Open source software introduction (OpenSource Introduction):

CycloneDX Gradle Plugin

The CycloneDX Gradle plugin creates an aggregate of all direct and transitive dependencies of a project and creates a valid CycloneDX SBOM. CycloneDX is a lightweight software bill of materials (SBOM) specification designed for use in application security contexts and supply chain component analysis.

Usage

Execution: gradle cyclonedxBom

Output CycloneDX Generation Info: gradle cyclonedxBom -info

build.gradle (excerpt)

```groovy
plugins {
    id 'org.cyclonedx.bom' version '1.6.1'
}
```

Once a BOM is generated, by default it will reside at

Configuration: You can control the configurations included in the BOM:

```groovy
cyclonedxBom {
    // includeConfigs is the list of configuration names to include when generating the BOM (leave empty to include every configuration)
    includeConfigs += ["runtimeClasspath"]
    // skipConfigs is a list of configuration names to exclude when generating the BOM
    skipConfigs += ["compileClasspath", "testCompileClasspath"]
    // Specifies the type of project being built. Defaults to 'library'
    projectType = "application"
    // Specifies the version of the CycloneDX specification to use. Defaults to 1.4.
    schemaVersion = "1.4"
    // BOM destination directory (defaults to build/reports)
    destination = file("build/reports")
    // The file name for the generated BOMs (before the file format suffix). Defaults to 'bom'
    outputName = "bom"
    // The file format generated, can be xml, json or all for generating both
    outputFormat = "json"
    // Exclude the BOM serial number
    includeBomSerialNumber = false
}
```

If you are using the Kotlin DSL, the plugin can be configured as follows:

```kotlin
tasks.cyclonedxBom {
    setIncludeConfigs(listOf("runtimeClasspath"))
    setSkipConfigs(listOf("compileClasspath", "testCompileClasspath"))
    setProjectType("application")
    setSchemaVersion("1.4")
    setDestination(project.file("build/reports"))
    setOutputName("bom")
    setOutputFormat("json")
    setIncludeBomSerialNumber(false)
}
```

Run gradle with info logging (-i option) to see which configurations add to the BOM.

CycloneDX Schema Support

The following table provides information on the version of this gradle plugin, the CycloneDX schema version supported, as well as the output format options. Use the latest possible version of this plugin that is compatible with the CycloneDX version supported by the target system.

Copyright & License

CycloneDX Gradle Plugin is Copyright (c) OWASP Foundation. All Rights Reserved. Permission to modify and redistribute is granted under the terms of the Apache 2.0 license. See the LICENSE file for the full license.