I'm trying to add Dependency-Track analysis to Jenkins builds. The Dependency-Track application requires CycloneDX sbom files as input. For our Gradle projects, this was fairly straightforward as there's a Gradle plugin that will generate the sbom files. However, I'm struggling with our many legacy Java projects that we build with Ant / Ant Ivy.
Does anyone know how this can be done? I've not found any utilities to do it, but maybe I'm missing something. I saw a suggestion that the CycloneDX maven plugin (located here: https://github.com/CycloneDX/cyclonedx-maven-plugin) could be used in conjunction with Ant / Ant Ivy, but I can't figure out how to do that. When I search for information on making Maven calls from Ant, my search results are full of pages about how to do the opposite (call Ant from Maven). I found some pages on Maven Ant Tasks (retired) and its successor Maven Resolver Ant Tasks, but if I understand correctly that's only for running the handful of Maven operations in that project. Any insights would be greatly appreciated.
