Egothor/Radixor
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat: add CycloneDX SBOM generation and publishing support

Browse Source 
feat: add CycloneDX Gradle plugin for standards-based SBOM generation
feat: generate SBOM artifacts in JSON and XML formats
feat: publish SBOM artifacts in CI and expose them through project reports
fix: align CycloneDX task configuration with current plugin task model
fix: remove deprecated String-based projectType assignment for Gradle 10 compatibility
chore: keep SBOM scope focused on production classpaths only
This commit is contained in:
Leo Galambos
2026-04-15 17:38:27 +02:00
parent b0b33f8548
commit 2288852300
3 changed files with 58 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
.github/workflows/pages.yml vendored
View File

@@ -48,7 +48,7 @@ jobs:
uses: gradle/actions/setup-gradle@v4
- name: Build reports for publication
run: ./gradlew --no-daemon clean build pmdMain javadoc jacocoTestReport pitest jmh
run: ./gradlew --no-daemon clean build pmdMain javadoc jacocoTestReport pitest jmh cyclonedxBom
- name: Prepare gh-pages worktree
shell: bash
@@ -100,6 +100,10 @@ jobs:
JMH_CSV_LATEST_LINK=''
DEPENDENCY_CHECK_LINK=''
DEPENDENCY_CHECK_LATEST_LINK=''
SBOM_JSON_LINK=''
SBOM_XML_LINK=''
SBOM_JSON_LATEST_LINK=''
SBOM_XML_LATEST_LINK=''
if [ -d "build/reports/jmh" ]; then
cp -R build/reports/jmh "${RUN_DIR}/jmh"
@@ -129,6 +133,15 @@ jobs:
fi
fi
if [ -d "build/reports/sbom" ]; then
cp -R build/reports/sbom "${RUN_DIR}/sbom"
cp -R build/reports/sbom "${LATEST_DIR}/sbom"
SBOM_JSON_LINK='<li><a href="./sbom/radixor-sbom.json">SBOM (JSON)</a></li>'
SBOM_XML_LINK='<li><a href="./sbom/radixor-sbom.xml">SBOM (XML)</a></li>'
SBOM_JSON_LATEST_LINK='<li><a href="./builds/latest/sbom/radixor-sbom.json">SBOM (JSON)</a></li>'
SBOM_XML_LATEST_LINK='<li><a href="./builds/latest/sbom/radixor-sbom.xml">SBOM (XML)</a></li>'
fi
cat > "${RUN_DIR}/index.html" <<EOF
<!doctype html>
<html lang="en">
@@ -153,6 +166,8 @@ jobs:
<li><a href="./pmd/main.html">PMD Report</a></li>
<li><a href="./coverage/">Coverage Report</a></li>
${DEPENDENCY_CHECK_LINK:-<li>Dependency Vulnerability Report: not available</li>}
${SBOM_JSON_LINK:-<li>SBOM (JSON): not available</li>}
${SBOM_XML_LINK:-<li>SBOM (XML): not available</li>}
<li><a href="./pitest/">Mutation Testing Report</a></li>
$(
[ "${HAS_JMH}" = "true" ] && { echo "${JMH_TXT_LINK:-<li>Benchmark Results (TXT): not available</li>}"; echo "${JMH_CSV_LINK:-<li>Benchmark Results (CSV): not available</li>}"; } \
@@ -200,6 +215,8 @@ jobs:
<li><a href="./builds/latest/pmd/main.html">PMD Report</a></li>
<li><a href="./builds/latest/coverage/">Coverage Report</a></li>
${DEPENDENCY_CHECK_LATEST_LINK:-<li>Dependency Vulnerability Report: not currently available</li>}
${SBOM_JSON_LATEST_LINK:-<li>SBOM (JSON): not available</li>}
${SBOM_XML_LATEST_LINK:-<li>SBOM (XML): not available</li>}
<li><a href="./builds/latest/pitest/">Mutation Testing Report</a></li>
$(
[ "${HAS_JMH}" = "true" ] && { echo "${JMH_TXT_LATEST_LINK:-<li>Benchmark Results (TXT): not available</li>}"; echo "${JMH_CSV_LATEST_LINK:-<li>Benchmark Results (CSV): not available</li>}"; } \