cyclonedx:makeAggregateBom
Full name:
org.cyclonedx:cyclonedx-maven-plugin:2.7.5-SNAPSHOT:makeAggregateBom
Description:
Creates a CycloneDX aggregate BOM at build root (with dependencies from the whole multi-modules build), and eventually a BOM for each module.
Attributes:
- Requires a Maven project to be executed.
- Executes as an aggregator plugin.
- Requires dependency resolution of artifacts in scope:
test
. - The goal is thread-safe and supports parallel builds.
- Since version:
2.1.0
. - Binds by default to the lifecycle phase:
package
. - Requires that Maven runs in online mode.
Optional Parameters
Name | Type | Since | Description |
---|---|---|---|
<analyzer> |
String |
2.2 |
Specify the project dependency analyzer to use (plexus component role-hint). By default, maven-dependency-analyzer is used. To use this, you must declare a dependency for this plugin that contains the code for the analyzer. The analyzer must have a declared Plexus role name, and you specify the role name here. Default value is: default .User property is: analyzer . |
<excludeArtifactId> |
String[] |
2.4.0 |
Excluded reactor project (aka module) ArtifactIds from aggregate BOM. User property is: excludeArtifactId . |
<excludeGroupId> |
String[] |
2.7.3 |
Excluded reactor project (aka module) GroupIds from aggregate BOM. User property is: excludeGroupId . |
<excludeTestProject> |
Boolean |
2.4.0 |
Should reactor project (aka module) artifactId with the word "test" be excluded from aggregate BOM? Default value is: false .User property is: excludeTestProject . |
<excludeTypes> |
String[] |
2.1.0 |
Excluded types. User property is: excludeTypes . |
<includeBomSerialNumber> |
Boolean |
2.1.0 |
Should the resulting BOM contain a unique serial number? Default value is: true .User property is: includeBomSerialNumber . |
<includeCompileScope> |
Boolean |
2.1.0 |
Should compile scoped artifacts be included in bom? Default value is: true .User property is: includeCompileScope . |
<includeLicenseText> |
Boolean |
2.1.0 |
Should license text be included in bom? Default value is: false .User property is: includeLicenseText . |
<includeProvidedScope> |
Boolean |
2.1.0 |
Should provided scoped artifacts be included in bom? Default value is: true .User property is: includeProvidedScope . |
<includeRuntimeScope> |
Boolean |
2.1.0 |
Should runtime scoped artifacts be included in bom? Default value is: true .User property is: includeRuntimeScope . |
<includeSystemScope> |
Boolean |
2.1.0 |
Should system scoped artifacts be included in bom? Default value is: true .User property is: includeSystemScope . |
<includeTestScope> |
Boolean |
2.1.0 |
Should test scoped artifacts be included in bom? Default value is: false .User property is: includeTestScope . |
<outputFormat> |
String |
2.1.0 |
The CycloneDX output format that should be generated (xml , json or all ).Default value is: all .User property is: outputFormat . |
<outputName> |
String |
2.2.0 |
The CycloneDX output file name (without extension) that should be generated (in target/ directory).Default value is: bom .User property is: outputName . |
<outputReactorProjects> |
Boolean |
2.6.2 |
Should non-root reactor projects create a module-only BOM? Default value is: true .User property is: outputReactorProjects . |
<projectType> |
String |
- |
The component type associated to the SBOM metadata. See CycloneDX reference for supported values. Default value is: library .User property is: projectType . |
<schemaVersion> |
String |
2.1.0 |
The CycloneDX schema version the BOM will comply with. Default value is: 1.4 .User property is: schemaVersion . |
<skip> |
boolean |
- |
Skip CycloneDX execution. Default value is: false .User property is: cyclonedx.skip . |
<skipAttach> |
boolean |
2.1.0 |
Don't attach bom. Default value is: false .User property is: cyclonedx.skipAttach . |
<verbose> |
boolean |
2.6.0 |
Verbose output. Default value is: true .User property is: cyclonedx.verbose . |
Parameter Details
<analyzer>
Specify the project dependency analyzer to use (plexus component role-hint). By default, maven-dependency-analyzer is used. To use this, you must declare a dependency for this plugin that contains the code for the analyzer. The analyzer must have a declared Plexus role name, and you specify the role name here.
- Type:
java.lang.String
- Since:
2.2
- Required:
No
- User Property:
analyzer
- Default:
default
<excludeArtifactId>
Excluded reactor project (aka module) ArtifactIds from aggregate BOM.
- Type:
java.lang.String[]
- Since:
2.4.0
- Required:
No
- User Property:
excludeArtifactId
<excludeGroupId>
Excluded reactor project (aka module) GroupIds from aggregate BOM.
- Type:
java.lang.String[]
- Since:
2.7.3
- Required:
No
- User Property:
excludeGroupId
<excludeTestProject>
Should reactor project (aka module) artifactId with the word "test" be excluded from aggregate BOM?
- Type:
java.lang.Boolean
- Since:
2.4.0
- Required:
No
- User Property:
excludeTestProject
- Default:
false
<excludeTypes>
Excluded types.
- Type:
java.lang.String[]
- Since:
2.1.0
- Required:
No
- User Property:
excludeTypes
<includeBomSerialNumber>
Should the resulting BOM contain a unique serial number?
- Type:
java.lang.Boolean
- Since:
2.1.0
- Required:
No
- User Property:
includeBomSerialNumber
- Default:
true
<includeCompileScope>
Should compile scoped artifacts be included in bom?
- Type:
java.lang.Boolean
- Since:
2.1.0
- Required:
No
- User Property:
includeCompileScope
- Default:
true
<includeLicenseText>
Should license text be included in bom?
- Type:
java.lang.Boolean
- Since:
2.1.0
- Required:
No
- User Property:
includeLicenseText
- Default:
false
<includeProvidedScope>
Should provided scoped artifacts be included in bom?
- Type:
java.lang.Boolean
- Since:
2.1.0
- Required:
No
- User Property:
includeProvidedScope
- Default:
true
<includeRuntimeScope>
Should runtime scoped artifacts be included in bom?
- Type:
java.lang.Boolean
- Since:
2.1.0
- Required:
No
- User Property:
includeRuntimeScope
- Default:
true
<includeSystemScope>
Should system scoped artifacts be included in bom?
- Type:
java.lang.Boolean
- Since:
2.1.0
- Required:
No
- User Property:
includeSystemScope
- Default:
true
<includeTestScope>
Should test scoped artifacts be included in bom?
- Type:
java.lang.Boolean
- Since:
2.1.0
- Required:
No
- User Property:
includeTestScope
- Default:
false
<outputFormat>
The CycloneDX output format that should be generated (
xml
, json
or all
).- Type:
java.lang.String
- Since:
2.1.0
- Required:
No
- User Property:
outputFormat
- Default:
all
<outputName>
The CycloneDX output file name (without extension) that should be generated (in
target/
directory).- Type:
java.lang.String
- Since:
2.2.0
- Required:
No
- User Property:
outputName
- Default:
bom
<outputReactorProjects>
Should non-root reactor projects create a module-only BOM?
- Type:
java.lang.Boolean
- Since:
2.6.2
- Required:
No
- User Property:
outputReactorProjects
- Default:
true
<projectType>
The component type associated to the SBOM metadata. See CycloneDX reference for supported values.
- Type:
java.lang.String
- Required:
No
- User Property:
projectType
- Default:
library
<schemaVersion>
The CycloneDX schema version the BOM will comply with.
- Type:
java.lang.String
- Since:
2.1.0
- Required:
No
- User Property:
schemaVersion
- Default:
1.4
<skip>
Skip CycloneDX execution.
- Type:
boolean
- Required:
No
- User Property:
cyclonedx.skip
- Default:
false
<skipAttach>
Don't attach bom.
- Type:
boolean
- Since:
2.1.0
- Required:
No
- User Property:
cyclonedx.skipAttach
- Default:
false
<verbose>
Verbose output.
- Type:
boolean
- Since:
2.6.0
- Required:
No
- User Property:
cyclonedx.verbose
- Default:
true