[ 
https://issues.apache.org/jira/browse/SOLR-16796?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17902996#comment-17902996
 ] 

Philipp Trulson commented on SOLR-16796:
----------------------------------------

[~houston] both issues were closed and released, time for a second try? Would 
love to see this working!

> Publish an SBOM for Solr maven artifacts
> ----------------------------------------
>
>                 Key: SOLR-16796
>                 URL: https://issues.apache.org/jira/browse/SOLR-16796
>             Project: Solr
>          Issue Type: Improvement
>          Components: Build
>            Reporter: Arnout Engelen
>            Assignee: Houston Putman
>            Priority: Minor
>          Time Spent: 1h 20m
>  Remaining Estimate: 0h
>
> It would be nice if Solr published an 'SBOM' (Software Bill of Materials) for 
> its artifacts. An SBOM gives an overview of the components included in the 
> artifact, which can be useful for example for scanner software that looks for 
> dependencies with potential security vulnerabilities.
> Such consumers of the SBOM should probably combine it with the VEX published 
> for Solr ([https://solr.apache.org/security.html#vex)] to avoid getting 
> reports for known false positives.
> Draft PR starting point for this is at 
> [https://github.com/apache/solr/pull/1203]



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org

Reply via email to