
[Feature Request] Create and release SBOMs for OpenSearch artifacts #16745

Open
@der-eismann

Description


Is your feature request related to a problem? Please describe

Hey everyone! Maybe you've heard of SBOMs before - if not, it's a Software Bill of Materials listing all dependencies including versions that a project is using. This allows users to quickly check if they are affected when info about a new vulnerability is released.
Some more info can be found here:
https://thenewstack.io/sbom-everywhere-the-openssf-plan-for-sboms/
https://cwiki.apache.org/confluence/display/COMDEV/SBOM

Describe the solution you'd like

There's an excellent Gradle plugin (https://github.com/CycloneDX/cyclonedx-gradle-plugin) that produces such SBOMs during the build process with lots of custom settings. These SBOMs can then be bundled with the released artifacts. JSON would be my preferred format.

Ideally this would be done for every component (OpenSearch, OS Dashboards etc), please let me know if I should open copies of this issue there as well.

Related component

Build

Describe alternatives you've considered

None

Additional context

No response
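As an added example that is not part of this issue or of the OpenSearch project, the script below shows the consumer side of the request: it loads a CycloneDX JSON SBOM of the shape the Gradle plugin emits and reports which components fall inside an advisory's affected version range. The SBOM contents, the component coordinates and the affected range are constructed for illustration.

```python
import json
from typing import Dict, List, Tuple

# Constructed CycloneDX 1.5 JSON document, shaped like the output of the
# cyclonedx-gradle-plugin; groups, names and versions are made up.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "group": "com.example", "name": "widget",
         "version": "2.14.1", "purl": "pkg:maven/com.example/widget@2.14.1"},
        {"type": "library", "group": "com.example", "name": "widget-api",
         "version": "2.17.0", "purl": "pkg:maven/com.example/widget-api@2.17.0"},
        {"type": "library", "group": "org.example", "name": "util",
         "version": "1.9", "purl": "pkg:maven/org.example/util@1.9"},
    ],
})


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '2.14.1' into (2, 14, 1); non-numeric parts compare as 0."""
    parts = []
    for p in v.split("."):
        digits = "".join(ch for ch in p if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def affected(version: str, introduced: str, fixed: str) -> bool:
    """True if introduced <= version < fixed, the usual advisory range shape."""
    v, lo, hi = parse_version(version), parse_version(introduced), parse_version(fixed)
    # Pad shorter tuples with zeros so (1, 9) compares like (1, 9, 0).
    width = max(len(v), len(lo), len(hi))
    pad = lambda t: t + (0,) * (width - len(t))
    return pad(lo) <= pad(v) < pad(hi)


def find_affected(sbom_json: str, group: str, name: str,
                  introduced: str, fixed: str) -> List[str]:
    """Return the purls of SBOM components matching group:name inside the range."""
    bom: Dict = json.loads(sbom_json)
    hits = []
    for c in bom.get("components", []):
        if c.get("group") == group and c.get("name") == name:
            if affected(c.get("version", "0"), introduced, fixed):
                hits.append(c.get("purl", f"{group}:{name}@{c.get('version')}"))
    return hits


if __name__ == "__main__":
    # Constructed advisory: com.example:widget versions [2.10.0, 2.15.0) affected.
    print(find_affected(SAMPLE_SBOM, "com.example", "widget", "2.10.0", "2.15.0"))
```

Running it against a real SBOM only requires swapping SAMPLE_SBOM for the file the plugin wrote and the range for the one in the advisory; the version comparison is deliberately simple and does not handle pre-release qualifiers.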

Metadata

Assignees

No one assigned

Labels

Build (Build Tasks/Gradle Plugin, groovy scripts, build tools, Javadoc enforcement), enhancement (Enhancement or improvement to existing feature or request)
