cyclonedx:makeBom
Full name:
org.cyclonedx:cyclonedx-maven-plugin:2.7.10-SNAPSHOT:makeBom
Description:
Creates a CycloneDX BOM for each Maven module with its dependencies.
Attributes:
- Requires a Maven project to be executed.
- The goal is thread-safe and supports parallel builds.
- Binds by default to the lifecycle phase: package.
- Requires that Maven runs in online mode.
Optional Parameters
Name | Type | Since | Description |
---|---|---|---|
<analyzer> | String | 2.1.0 | Specify the Maven project dependency analyzer to use (plexus component role-hint). By default, maven-dependency-analyzer's one is used. To use another implementation, you must declare a dependency for this plugin that contains the code for the analyzer and you specify its Plexus role name here. Default value is: default. User property is: analyzer. |
<detectUnusedForOptionalScope> | boolean | 2.7.9 | Use the original mechanism for determining whether a component has OPTIONAL or REQUIRED scope, relying on bytecode analysis of the compiled classes instead of the Maven dependency declaration of optional. Default value is: false. User property is: detectUnusedForOptionalScope. |
<excludeTypes> | String[] | 2.1.0 | Excluded types. User property is: excludeTypes. |
<includeBomSerialNumber> | boolean | 2.1.0 | Should the resulting BOM contain a unique serial number? Default value is: true. User property is: includeBomSerialNumber. |
<includeCompileScope> | boolean | 2.1.0 | Should compile scoped Maven dependencies be included in bom? Default value is: true. User property is: includeCompileScope. |
<includeLicenseText> | boolean | 2.1.0 | Should license text be included in bom? Default value is: false. User property is: includeLicenseText. |
<includeProvidedScope> | boolean | 2.1.0 | Should provided scoped Maven dependencies be included in bom? Default value is: true. User property is: includeProvidedScope. |
<includeRuntimeScope> | boolean | 2.1.0 | Should runtime scoped Maven dependencies be included in bom? Default value is: true. User property is: includeRuntimeScope. |
<includeSystemScope> | boolean | 2.1.0 | Should system scoped Maven dependencies be included in bom? Default value is: true. User property is: includeSystemScope. |
<includeTestScope> | boolean | 2.1.0 | Should test scoped Maven dependencies be included in bom? Default value is: false. User property is: includeTestScope. |
<outputDirectory> | File | 2.7.5 | The output directory where to store generated CycloneDX output files. Default value is: ${project.build.directory}. User property is: outputDirectory. |
<outputFormat> | String | 2.1.0 | The CycloneDX output format that should be generated (xml, json or all). Default value is: all. User property is: outputFormat. |
<outputName> | String | 2.2.0 | The CycloneDX output file name (without extension) that should be generated (in outputDirectory directory). Default value is: bom. User property is: outputName. |
<outputTimestamp> | String | 2.7.9 | Timestamp for reproducible output archive entries, either formatted as ISO 8601 yyyy-MM-dd'T'HH:mm:ssXXX or as an int representing seconds since the epoch (like SOURCE_DATE_EPOCH). Default value is: ${project.build.outputTimestamp}. |
<projectType> | String | - | The component type associated to the SBOM metadata. See CycloneDX reference for supported values. Default value is: library. User property is: projectType. |
<schemaVersion> | String | 2.1.0 | The CycloneDX schema version the BOM will comply with. Default value is: 1.4. User property is: schemaVersion. |
<skip> | boolean | - | Skip CycloneDX execution. Default value is: false. User property is: cyclonedx.skip. |
<skipAttach> | boolean | 2.1.0 | Don't attach bom. Default value is: false. User property is: cyclonedx.skipAttach. |
<verbose> | boolean | 2.6.0 | Verbose output. Default value is: false. User property is: cyclonedx.verbose. |
Parameter Details
<analyzer>
Specify the Maven project dependency analyzer to use (plexus component role-hint). By default, maven-dependency-analyzer's one is used. To use another implementation, you must declare a dependency for this plugin that contains the code for the analyzer and you specify its Plexus role name here.
- Type:
java.lang.String
- Since:
2.1.0
- Required:
No
- User Property:
analyzer
- Default:
default
<detectUnusedForOptionalScope>
Use the original mechanism for determining whether a component has OPTIONAL or REQUIRED scope, relying on bytecode analysis of the compiled classes instead of the Maven dependency declaration of optional.
- Type:
boolean
- Since:
2.7.9
- Required:
No
- User Property:
detectUnusedForOptionalScope
- Default:
false
<excludeTypes>
Excluded types.
- Type:
java.lang.String[]
- Since:
2.1.0
- Required:
No
- User Property:
excludeTypes
<includeBomSerialNumber>
Should the resulting BOM contain a unique serial number?
- Type:
boolean
- Since:
2.1.0
- Required:
No
- User Property:
includeBomSerialNumber
- Default:
true
<includeCompileScope>
Should compile scoped Maven dependencies be included in bom?
- Type:
boolean
- Since:
2.1.0
- Required:
No
- User Property:
includeCompileScope
- Default:
true
<includeLicenseText>
Should license text be included in bom?
- Type:
boolean
- Since:
2.1.0
- Required:
No
- User Property:
includeLicenseText
- Default:
false
<includeProvidedScope>
Should provided scoped Maven dependencies be included in bom?
- Type:
boolean
- Since:
2.1.0
- Required:
No
- User Property:
includeProvidedScope
- Default:
true
<includeRuntimeScope>
Should runtime scoped Maven dependencies be included in bom?
- Type:
boolean
- Since:
2.1.0
- Required:
No
- User Property:
includeRuntimeScope
- Default:
true
<includeSystemScope>
Should system scoped Maven dependencies be included in bom?
- Type:
boolean
- Since:
2.1.0
- Required:
No
- User Property:
includeSystemScope
- Default:
true
<includeTestScope>
Should test scoped Maven dependencies be included in bom?
- Type:
boolean
- Since:
2.1.0
- Required:
No
- User Property:
includeTestScope
- Default:
false
<outputDirectory>
The output directory where to store generated CycloneDX output files.
- Type:
java.io.File
- Since:
2.7.5
- Required:
No
- User Property:
outputDirectory
- Default:
${project.build.directory}
<outputFormat>
The CycloneDX output format that should be generated (xml, json or all).
- Type:
java.lang.String
- Since:
2.1.0
- Required:
No
- User Property:
outputFormat
- Default:
all
<outputName>
The CycloneDX output file name (without extension) that should be generated (in outputDirectory directory).
- Type:
java.lang.String
- Since:
2.2.0
- Required:
No
- User Property:
outputName
- Default:
bom
<outputTimestamp>
Timestamp for reproducible output archive entries, either formatted as ISO 8601 yyyy-MM-dd'T'HH:mm:ssXXX or as an int representing seconds since the epoch (like SOURCE_DATE_EPOCH).
- Type:
java.lang.String
- Since:
2.7.9
- Required:
No
- Default:
${project.build.outputTimestamp}
<projectType>
The component type associated to the SBOM metadata. See CycloneDX reference for supported values.
- Type:
java.lang.String
- Required:
No
- User Property:
projectType
- Default:
library
<schemaVersion>
The CycloneDX schema version the BOM will comply with.
- Type:
java.lang.String
- Since:
2.1.0
- Required:
No
- User Property:
schemaVersion
- Default:
1.4
<skip>
Skip CycloneDX execution.
- Type:
boolean
- Required:
No
- User Property:
cyclonedx.skip
- Default:
false
<skipAttach>
Don't attach bom.
- Type:
boolean
- Since:
2.1.0
- Required:
No
- User Property:
cyclonedx.skipAttach
- Default:
false
<verbose>
Verbose output.
- Type:
boolean
- Since:
2.6.0
- Required:
No
- User Property:
cyclonedx.verbose
- Default:
false
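Example configuration (added here, not taken from the plugin's own documentation): a pom.xml fragment that sets the parameters listed above for a deployable application whose SBOM should describe what ships, leaving out test-scoped dependencies. It assumes provided-scope dependencies are supplied by the runtime container and are therefore excluded; the timestamp is a constructed sample value.

```xml
<project>
  <properties>
    <!-- Constructed sample value. <outputTimestamp> defaults to this property,
         so setting it here fixes the timestamp without configuring the plugin. -->
    <project.build.outputTimestamp>2024-01-01T00:00:00Z</project.build.outputTimestamp>
  </properties>
  <build>
    <plugins>
      <plugin>
        <groupId>org.cyclonedx</groupId>
        <artifactId>cyclonedx-maven-plugin</artifactId>
        <!-- Version documented on this page; pin the release you actually use. -->
        <version>2.7.10-SNAPSHOT</version>
        <executions>
          <execution>
            <!-- makeBom binds to package by default; stated explicitly for review. -->
            <phase>package</phase>
            <goals>
              <goal>makeBom</goal>
            </goals>
          </execution>
        </executions>
        <configuration>
          <!-- Default is library; application is an assumption about this project. -->
          <projectType>application</projectType>
          <schemaVersion>1.4</schemaVersion>
          <!-- Default is all (XML and JSON); emit only bom.json here. -->
          <outputFormat>json</outputFormat>
          <outputName>bom</outputName>
          <!-- Scope selection: what ships is in, what the container supplies is out. -->
          <includeCompileScope>true</includeCompileScope>
          <includeRuntimeScope>true</includeRuntimeScope>
          <includeSystemScope>true</includeSystemScope>
          <includeProvidedScope>false</includeProvidedScope>
          <includeTestScope>false</includeTestScope>
          <includeLicenseText>false</includeLicenseText>
        </configuration>
      </plugin>
    </plugins>
  </build>
</project>
```

Parameters with a user property can also be overridden per build from the command line, for example -DincludeTestScope=true or -Dcyclonedx.skip=true.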