On 2026-06-01, Jaikiran Pai wrote: > One minor suggestion (not for this release, but maybe future ones) is > whether we should use "*.bom.json" as the file/artifact names instead > of the current "*.cyclonedx.json". When I first heard about cyclonedx > it wasn't clear to me what it was, but BOM on the other hand is a bit > more known term. Plus, as per > https://github.com/CycloneDX/specification#recognized-file-patterns , > "bom.json" is a recognized file pattern for such files. So perhaps we > should consider that name?
The default base name of the task in fact is "bom". I've chosen the -cyclonedx suffix as this is what the Apache Commons artifacts (and others I've checked in Maven Central) use. Most likely Commons does so as some of the components also publish SPDX SBOMs so just "bom" may not clear enough. Apart from "prior art in Maven Central" I haven't got any strong opinion. Stefan --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
