cyclonedx:makePackageBom
Full name:
org.cyclonedx:cyclonedx-maven-plugin:2.9.1-SNAPSHOT:makePackageBom
Description:
Creates a CycloneDX BOM for each Maven module with war or ear packaging.
Attributes:
- Requires a Maven project to be executed.
- Executes as an aggregator goal.
- The goal is thread-safe and supports parallel builds.
- Since version: 2.4.0.
- Binds by default to the lifecycle phase: package.
- Requires that Maven runs in online mode.
Optional Parameters
Name | Type | Since | Description |
---|---|---|---|
<classifier> | String | 2.8.1 | Classifier of the attached sbom. Default: cyclonedx. User Property: cyclonedx.classifier |
<detectUnusedForOptionalScope> | boolean | 2.7.9 | Use the original mechanism for determining whether a component has OPTIONAL or REQUIRED scope, relying on bytecode analysis of the compiled classes instead of the Maven dependency declaration of optional. Default: false. User Property: detectUnusedForOptionalScope |
<excludeTypes> | String[] | 2.1.0 | Excluded types. User Property: excludeTypes |
<externalReferences> | ExternalReference[] | 2.7.11 | External references to be added to the component the BOM describes, $.metadata.component.externalReferences[]: <externalReferences> <externalReference> <type>EXTERNAL_REFERENCE_TYPE</type><!-- constant id corresponding to "external-reference-type" SBOM type --> <url>https://...</url> <comment>(optional) comment</comment> </externalReference> </externalReferences> See also: ExternalReference.Type constants |
<includeBomSerialNumber> | boolean | 2.1.0 | Should the resulting BOM contain a unique serial number? Default: true. User Property: includeBomSerialNumber |
<includeCompileScope> | boolean | 2.1.0 | Should compile scoped Maven dependencies be included in bom? Default: true. User Property: includeCompileScope |
<includeLicenseText> | boolean | 2.1.0 | Should license text be included in bom? Default: false. User Property: includeLicenseText |
<includeProvidedScope> | boolean | 2.1.0 | Should provided scoped Maven dependencies be included in bom? Default: true. User Property: includeProvidedScope |
<includeRuntimeScope> | boolean | 2.1.0 | Should runtime scoped Maven dependencies be included in bom? Default: true. User Property: includeRuntimeScope |
<includeSystemScope> | boolean | 2.1.0 | Should system scoped Maven dependencies be included in bom? Default: true. User Property: includeSystemScope |
<includeTestScope> | boolean | 2.1.0 | Should test scoped Maven dependencies be included in bom? Default: false. User Property: includeTestScope |
<outputDirectory> | File | 2.7.5 | The output directory where to store generated CycloneDX output files. Default: ${project.build.directory}. User Property: outputDirectory |
<outputFormat> | String | 2.1.0 | The CycloneDX output format that should be generated (xml, json or all). Default: all. User Property: outputFormat |
<outputName> | String | 2.2.0 | The CycloneDX output file name (without extension) that should be generated (in outputDirectory directory). Default: bom. User Property: outputName |
<outputTimestamp> | String | 2.7.9 | Timestamp for reproducible output archive entries, either formatted as ISO 8601 yyyy-MM-dd'T'HH:mm:ssXXX or as an int representing seconds since the epoch (like SOURCE_DATE_EPOCH). Default: ${project.build.outputTimestamp} |
<projectType> | String | 2.0.0 | The component type associated to the SBOM metadata. See CycloneDX reference for supported values. Default: library. User Property: projectType |
<schemaVersion> | String | 2.1.0 | The CycloneDX schema version the BOM will comply with. Default: 1.6. User Property: schemaVersion |
<skip> | boolean | 1.1.3 | Skip CycloneDX execution. Default: false. User Property: cyclonedx.skip |
<skipAttach> | boolean | 2.1.0 | Don't attach bom. Default: false. User Property: cyclonedx.skipAttach |
<verbose> | boolean | 2.6.0 | Verbose output. Default: false. User Property: cyclonedx.verbose |
Parameter Details
<classifier>
Classifier of the attached sbom
- Type: java.lang.String
- Since: 2.8.1
- Required: No
- User Property: cyclonedx.classifier
- Default: cyclonedx
<detectUnusedForOptionalScope>
Use the original mechanism for determining whether a component has OPTIONAL or REQUIRED scope, relying on bytecode analysis of the compiled classes instead of the Maven dependency declaration of optional.
- Type: boolean
- Since: 2.7.9
- Required: No
- User Property: detectUnusedForOptionalScope
- Default: false
<excludeTypes>
Excluded types.
- Type: java.lang.String[]
- Since: 2.1.0
- Required: No
- User Property: excludeTypes
<externalReferences>
External references to be added to the component the BOM describes, $.metadata.component.externalReferences[]:

    <externalReferences>
      <externalReference>
        <type>EXTERNAL_REFERENCE_TYPE</type><!-- constant id corresponding to "external-reference-type" SBOM type -->
        <url>https://...</url>
        <comment>(optional) comment</comment>
      </externalReference>
    </externalReferences>

See also: ExternalReference.Type constants
- Type: org.cyclonedx.model.ExternalReference[]
- Since: 2.7.11
- Required: No
<includeBomSerialNumber>
Should the resulting BOM contain a unique serial number?
- Type: boolean
- Since: 2.1.0
- Required: No
- User Property: includeBomSerialNumber
- Default: true
<includeCompileScope>
Should compile scoped Maven dependencies be included in bom?
- Type: boolean
- Since: 2.1.0
- Required: No
- User Property: includeCompileScope
- Default: true
<includeLicenseText>
Should license text be included in bom?
- Type: boolean
- Since: 2.1.0
- Required: No
- User Property: includeLicenseText
- Default: false
<includeProvidedScope>
Should provided scoped Maven dependencies be included in bom?
- Type: boolean
- Since: 2.1.0
- Required: No
- User Property: includeProvidedScope
- Default: true
<includeRuntimeScope>
Should runtime scoped Maven dependencies be included in bom?
- Type: boolean
- Since: 2.1.0
- Required: No
- User Property: includeRuntimeScope
- Default: true
<includeSystemScope>
Should system scoped Maven dependencies be included in bom?
- Type: boolean
- Since: 2.1.0
- Required: No
- User Property: includeSystemScope
- Default: true
<includeTestScope>
Should test scoped Maven dependencies be included in bom?
- Type: boolean
- Since: 2.1.0
- Required: No
- User Property: includeTestScope
- Default: false
<outputDirectory>
The output directory where to store generated CycloneDX output files.
- Type: java.io.File
- Since: 2.7.5
- Required: No
- User Property: outputDirectory
- Default: ${project.build.directory}
<outputFormat>
The CycloneDX output format that should be generated (xml, json or all).
- Type: java.lang.String
- Since: 2.1.0
- Required: No
- User Property: outputFormat
- Default: all
<outputName>
The CycloneDX output file name (without extension) that should be generated (in outputDirectory directory).
- Type: java.lang.String
- Since: 2.2.0
- Required: No
- User Property: outputName
- Default: bom
<outputTimestamp>
Timestamp for reproducible output archive entries, either formatted as ISO 8601 yyyy-MM-dd'T'HH:mm:ssXXX or as an int representing seconds since the epoch (like SOURCE_DATE_EPOCH).
- Type: java.lang.String
- Since: 2.7.9
- Required: No
- Default: ${project.build.outputTimestamp}
<projectType>
The component type associated to the SBOM metadata. See CycloneDX reference for supported values.
- Type: java.lang.String
- Since: 2.0.0
- Required: No
- User Property: projectType
- Default: library
<schemaVersion>
The CycloneDX schema version the BOM will comply with.
- Type: java.lang.String
- Since: 2.1.0
- Required: No
- User Property: schemaVersion
- Default: 1.6
<skip>
Skip CycloneDX execution.
- Type: boolean
- Since: 1.1.3
- Required: No
- User Property: cyclonedx.skip
- Default: false
<skipAttach>
Don't attach bom.
- Type: boolean
- Since: 2.1.0
- Required: No
- User Property: cyclonedx.skipAttach
- Default: false
<verbose>
Verbose output.
- Type: boolean
- Since: 2.6.0
- Required: No
- User Property: cyclonedx.verbose
- Default: false
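
The parameters above combined in a war module's pom.xml, as an added example that is not taken from the plugin's own documentation: it lists only compile and runtime dependencies (the scopes Maven packages into a war), pins the timestamp for reproducible output, and records the source repository as an external reference. The `${cyclonedx.plugin.version}` property, the timestamp and the repository URL are constructed placeholders; `VCS` is assumed here as one of the ExternalReference.Type constants.

```xml
<!-- Added example: fragment of a war module's pom.xml (not a complete POM). -->
<properties>
  <!-- Constructed value; outputTimestamp defaults to this property -->
  <project.build.outputTimestamp>2024-01-01T00:00:00Z</project.build.outputTimestamp>
</properties>
<build>
  <plugins>
    <plugin>
      <groupId>org.cyclonedx</groupId>
      <artifactId>cyclonedx-maven-plugin</artifactId>
      <!-- Placeholder property: set it to the plugin release you have pinned -->
      <version>${cyclonedx.plugin.version}</version>
      <executions>
        <execution>
          <!-- No <phase> needed: the goal binds to package by default -->
          <goals><goal>makePackageBom</goal></goals>
        </execution>
      </executions>
      <configuration>
        <projectType>application</projectType>
        <schemaVersion>1.6</schemaVersion>
        <outputFormat>json</outputFormat>
        <outputName>bom</outputName>
        <!-- Keep the scopes that end up inside the war -->
        <includeCompileScope>true</includeCompileScope>
        <includeRuntimeScope>true</includeRuntimeScope>
        <!-- Override the defaults (true) for scopes the container or host supplies -->
        <includeProvidedScope>false</includeProvidedScope>
        <includeSystemScope>false</includeSystemScope>
        <includeTestScope>false</includeTestScope>
        <externalReferences>
          <externalReference>
            <type>VCS</type> <!-- assumed ExternalReference.Type constant -->
            <url>https://git.example.org/acme/shop-war</url> <!-- constructed URL -->
            <comment>source repository</comment>
          </externalReference>
        </externalReferences>
      </configuration>
    </plugin>
  </plugins>
</build>
```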