Skip to content

JAVA-5911 - SBOM Auto PR Generation #1844

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
thanhnguyen-mdb wants to merge 3 commits into
base: main
Choose a base branch
from
Open

JAVA-5911 - SBOM Auto PR Generation #1844

thanhnguyen-mdb wants to merge 3 commits into from
+154 −0

Conversation

@thanhnguyen-mdb
Copy link

@thanhnguyen-mdb thanhnguyen-mdb commented Nov 25, 2025

JAVA-5911

Added in Github action workflow for SBOM automation. This triggers on changes to the package updates. A new branch will be created for the PR and closed on merge.

Sample PR that it generates: thanhnguyen-mdb#1

@thanhnguyen-mdb thanhnguyen-mdb marked this pull request as ready for review December 16, 2025 21:50
@thanhnguyen-mdb thanhnguyen-mdb requested a review from a team as a code owner December 16, 2025 21:50
@codeowners-service-app
Copy link

codeowners-service-app bot commented Dec 24, 2025

Assigned stIncMale for team dbx-java because rozza is out of office.

rozza
rozza requested changes Feb 3, 2026
View reviewed changes
Copy link
Member

@rozza rozza left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A couple of nits.

build.gradle.kts
* limitations under the License.
*/
import java.time.Duration
import org.cyclonedx.model.*
Copy link
Member

@rozza rozza Feb 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
import org.cyclonedx.model.*
import org.cyclonedx.model.OrganizationalContact

build.gradle.kts
id("eclipse")
id("idea")
alias(libs.plugins.nexus.publish)
id("org.cyclonedx.bom") version "2.3.1"
Copy link
Member

@rozza rozza Feb 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should use gradle/lib.versions.toml to keep with convention and an alias for the plugin. See the alias(libs.plugins.nexus.publish) above and lib.versions.toml for more information.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rozza rozza rozza requested changes

@stIncMale stIncMale Awaiting requested review from stIncMale

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@thanhnguyen-mdb @rozza