HoustonPutman commented on PR #1203: URL: https://github.com/apache/solr/pull/1203#issuecomment-2148364812
Ok, so I've changed this to create and SBOM for each of our maven artifacts, and they are included in what will be uploaded to maven central. So far there is no solr-wide sbom (for either the full tgz or the slim tgz), but that is kind of a nightmare to do with the cyclonedx gradle plugin. It would be much easier if we could use [syft](https://github.com/anchore/syft) to generate an sbom from the resulting tgz(s). But maybe this is a problem to solve later and we take the first win? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For additional commands, e-mail: issues-h...@solr.apache.org
