cyclonedx:makeBom

Full name:

org.cyclonedx:cyclonedx-maven-plugin:2.7.5-SNAPSHOT:makeBom

Description:

Creates a CycloneDX BOM for each Maven module with its dependencies.

Attributes:

  • Requires a Maven project to be executed.
  • Requires dependency resolution of artifacts in scope: test.
  • The goal is thread-safe and supports parallel builds.
  • Binds by default to the lifecycle phase: package.
  • Requires that Maven runs in online mode.

Optional Parameters

| Name | Type | Since | Description |
|------|------|-------|-------------|
| <analyzer> | String | 2.2 | Specify the project dependency analyzer to use (plexus component role-hint). By default, maven-dependency-analyzer is used. To use this, you must declare a dependency for this plugin that contains the code for the analyzer. The analyzer must have a declared Plexus role name, and you specify the role name here. Default value is: default. User property is: analyzer. |
| <excludeTypes> | String[] | 2.1.0 | Excluded types. User property is: excludeTypes. |
| <includeBomSerialNumber> | Boolean | 2.1.0 | Should the resulting BOM contain a unique serial number? Default value is: true. User property is: includeBomSerialNumber. |
| <includeCompileScope> | Boolean | 2.1.0 | Should compile scoped artifacts be included in bom? Default value is: true. User property is: includeCompileScope. |
| <includeLicenseText> | Boolean | 2.1.0 | Should license text be included in bom? Default value is: false. User property is: includeLicenseText. |
| <includeProvidedScope> | Boolean | 2.1.0 | Should provided scoped artifacts be included in bom? Default value is: true. User property is: includeProvidedScope. |
| <includeRuntimeScope> | Boolean | 2.1.0 | Should runtime scoped artifacts be included in bom? Default value is: true. User property is: includeRuntimeScope. |
| <includeSystemScope> | Boolean | 2.1.0 | Should system scoped artifacts be included in bom? Default value is: true. User property is: includeSystemScope. |
| <includeTestScope> | Boolean | 2.1.0 | Should test scoped artifacts be included in bom? Default value is: false. User property is: includeTestScope. |
| <outputFormat> | String | 2.1.0 | The CycloneDX output format that should be generated (xml, json or all). Default value is: all. User property is: outputFormat. |
| <outputName> | String | 2.2.0 | The CycloneDX output file name (without extension) that should be generated (in target/ directory). Default value is: bom. User property is: outputName. |
| <projectType> | String | - | The component type associated to the SBOM metadata. See CycloneDX reference for supported values. Default value is: library. User property is: projectType. |
| <schemaVersion> | String | 2.1.0 | The CycloneDX schema version the BOM will comply with. Default value is: 1.4. User property is: schemaVersion. |
| <skip> | boolean | - | Skip CycloneDX execution. Default value is: false. User property is: cyclonedx.skip. |
| <skipAttach> | boolean | 2.1.0 | Don't attach bom. Default value is: false. User property is: cyclonedx.skipAttach. |
| <verbose> | boolean | 2.6.0 | Verbose output. Default value is: true. User property is: cyclonedx.verbose. |

Parameter Details

<analyzer>

Specify the project dependency analyzer to use (plexus component role-hint). By default, maven-dependency-analyzer is used. To use this, you must declare a dependency for this plugin that contains the code for the analyzer. The analyzer must have a declared Plexus role name, and you specify the role name here.
  • Type: java.lang.String
  • Since: 2.2
  • Required: No
  • User Property: analyzer
  • Default: default

<excludeTypes>

Excluded types.
  • Type: java.lang.String[]
  • Since: 2.1.0
  • Required: No
  • User Property: excludeTypes

<includeBomSerialNumber>

Should the resulting BOM contain a unique serial number?
  • Type: java.lang.Boolean
  • Since: 2.1.0
  • Required: No
  • User Property: includeBomSerialNumber
  • Default: true

<includeCompileScope>

Should compile scoped artifacts be included in bom?
  • Type: java.lang.Boolean
  • Since: 2.1.0
  • Required: No
  • User Property: includeCompileScope
  • Default: true

<includeLicenseText>

Should license text be included in bom?
  • Type: java.lang.Boolean
  • Since: 2.1.0
  • Required: No
  • User Property: includeLicenseText
  • Default: false

<includeProvidedScope>

Should provided scoped artifacts be included in bom?
  • Type: java.lang.Boolean
  • Since: 2.1.0
  • Required: No
  • User Property: includeProvidedScope
  • Default: true

<includeRuntimeScope>

Should runtime scoped artifacts be included in bom?
  • Type: java.lang.Boolean
  • Since: 2.1.0
  • Required: No
  • User Property: includeRuntimeScope
  • Default: true

<includeSystemScope>

Should system scoped artifacts be included in bom?
  • Type: java.lang.Boolean
  • Since: 2.1.0
  • Required: No
  • User Property: includeSystemScope
  • Default: true

<includeTestScope>

Should test scoped artifacts be included in bom?
  • Type: java.lang.Boolean
  • Since: 2.1.0
  • Required: No
  • User Property: includeTestScope
  • Default: false

<outputFormat>

The CycloneDX output format that should be generated (xml, json or all).
  • Type: java.lang.String
  • Since: 2.1.0
  • Required: No
  • User Property: outputFormat
  • Default: all

<outputName>

The CycloneDX output file name (without extension) that should be generated (in target/ directory).
  • Type: java.lang.String
  • Since: 2.2.0
  • Required: No
  • User Property: outputName
  • Default: bom

<projectType>

The component type associated to the SBOM metadata. See CycloneDX reference for supported values.
  • Type: java.lang.String
  • Required: No
  • User Property: projectType
  • Default: library

<schemaVersion>

The CycloneDX schema version the BOM will comply with.
  • Type: java.lang.String
  • Since: 2.1.0
  • Required: No
  • User Property: schemaVersion
  • Default: 1.4

<skip>

Skip CycloneDX execution.
  • Type: boolean
  • Required: No
  • User Property: cyclonedx.skip
  • Default: false

<skipAttach>

Don't attach bom.
  • Type: boolean
  • Since: 2.1.0
  • Required: No
  • User Property: cyclonedx.skipAttach
  • Default: false

<verbose>

Verbose output.
  • Type: boolean
  • Since: 2.6.0
  • Required: No
  • User Property: cyclonedx.verbose
  • Default: true
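
A pom.xml fragment that sets the parameters documented above explicitly, so the SBOM contents do not depend on plugin defaults. This is an added example, not part of the plugin's own documentation; the `application` project type and the choice of JSON-only output are assumptions about the consuming project.

```xml
<!-- Added example: explicit makeBom configuration for a deployable service. -->
<build>
  <plugins>
    <plugin>
      <groupId>org.cyclonedx</groupId>
      <artifactId>cyclonedx-maven-plugin</artifactId>
      <!-- Version string as documented on this page; builds that must be
           reproducible should pin a released version instead of a snapshot. -->
      <version>2.7.5-SNAPSHOT</version>
      <executions>
        <execution>
          <!-- package is the default binding; stated here so it is visible in review. -->
          <phase>package</phase>
          <goals>
            <goal>makeBom</goal>
          </goals>
        </execution>
      </executions>
      <configuration>
        <!-- Assumption: the module is a deployable application, not a library (the default). -->
        <projectType>application</projectType>
        <schemaVersion>1.4</schemaVersion>
        <!-- Assumption: downstream tooling consumes JSON only; the default "all" also writes XML. -->
        <outputFormat>json</outputFormat>
        <!-- Written to target/bom.json -->
        <outputName>bom</outputName>
        <!-- A unique serial number lets each generated BOM be told apart from the others. -->
        <includeBomSerialNumber>true</includeBomSerialNumber>
        <!-- Scopes listed in the BOM: everything that can reach the runtime classpath. -->
        <includeCompileScope>true</includeCompileScope>
        <includeRuntimeScope>true</includeRuntimeScope>
        <includeProvidedScope>true</includeProvidedScope>
        <includeSystemScope>true</includeSystemScope>
        <!-- Test-only dependencies are not shipped, so they stay out of the release BOM.
             Set to true when the build-time dependency set also needs to be inventoried. -->
        <includeTestScope>false</includeTestScope>
        <includeLicenseText>false</includeLicenseText>
        <!-- Keep the BOM attached to the project as a build artifact. -->
        <skipAttach>false</skipAttach>
      </configuration>
    </plugin>
  </plugins>
</build>
```

Parameters that have a user property can also be overridden per invocation with `-D`, for example `-Dcyclonedx.skip=true`, so a pipeline that depends on the BOM should check that the output file was actually produced.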