diff --git a/.github/workflows/on-merge.yml b/.github/workflows/on-merge.yml
index f015d44..99cff2b 100644
--- a/.github/workflows/on-merge.yml
+++ b/.github/workflows/on-merge.yml
@@ -43,18 +43,18 @@ jobs:
 nexus_username: ${{ secrets.NEXUS_USERNAME }}
 nexus_password: ${{ secrets.NEXUS_PASSWORD }}
-# sbom:
-# name: SBOM processing
-# needs: build
-# runs-on: ubuntu-latest
-# container:
-# image: cyclonedx/cyclonedx-cli:0.24.2
-# steps:
-# - uses: jahia/jahia-modules-action/sbom-processing@v2
-# with:
-# dependencytrack_hostname: ${{ vars.DEPENDENCYTRACK_HOSTNAME }}
-# dependencytrack_apikey: ${{ secrets.DEPENDENCYTRACK_APIKEY }}
-# sbom_artifacts: 'build-artifacts'
+ sbom:
+ name: SBOM processing
+ needs: build
+ runs-on: ubuntu-latest
+ container:
+ image: cyclonedx/cyclonedx-cli:0.24.2
+ steps:
+ - uses: jahia/jahia-modules-action/sbom-processing@v2
+ with:
+ dependencytrack_hostname: ${{ vars.DEPENDENCYTRACK_HOSTNAME }}
+ dependencytrack_apikey: ${{ secrets.DEPENDENCYTRACK_APIKEY }}
+ sbom_artifacts: 'build-artifacts'
 integration-tests:
 name: Integration Tests
diff --git a/.github/workflows/schedule-sonar.yml b/.github/workflows/schedule-sonar.yml
index ddc8fac..11f9c99 100644
--- a/.github/workflows/schedule-sonar.yml
+++ b/.github/workflows/schedule-sonar.yml
@@ -40,4 +40,5 @@ jobs:
 github_pr_id: ${{github.event.number}}
 sonar_url: ${{ secrets.SONAR_URL }}
 sonar_token: ${{ secrets.SONAR_TOKEN }}
+ nvd_apikey: ${{ secrets.NVD_APIKEY }}
 mvn_settings_filepath: '.github/maven.settings.xml'
diff --git a/pom.xml b/pom.xml
index b9a5f2d..0a83753 100644
--- a/pom.xml
+++ b/pom.xml
@@ -112,6 +112,33 @@
+
+ org.cyclonedx
+ cyclonedx-maven-plugin
+ 2.7.11
+
+
+ package
+
+ makeAggregateBom
+
+
+
+
+ library
+ 1.4
+ true
+ true
+ false
+ true
+ false
+ false
+ false
+ true
+ json
+ java-bom.cdx
+
+
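Review bot: The re-enabled `sbom` job in on-merge.yml passes `secrets.DEPENDENCYTRACK_APIKEY` to `jahia/jahia-modules-action/sbom-processing@v2`, which is a mutable tag, and runs in `cyclonedx/cyclonedx-cli:0.24.2`, which is a tag rather than a digest. Either reference can be repointed upstream without any change in this repository, and the code it then resolves to would run with the Dependency-Track key. Pin the action to a full commit SHA and keep the tag as a comment, `uses: jahia/jahia-modules-action/sbom-processing@<full-commit-sha>  # v2`, and pin the image by digest, `image: cyclonedx/cyclonedx-cli@sha256:<digest>`. The job also declares no `permissions:` key; if the workflow does not set one outside this hunk, a job-level `permissions:` with only `contents: read` would limit what the token can do.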
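Review bot: The added `nvd_apikey: ${{ secrets.NVD_APIKEY }}` in schedule-sonar.yml expands to an empty string when the secret is not defined for the repository or organisation, so a missing or misnamed secret would not fail the job at this line. Whether the action then falls back to unauthenticated NVD access cannot be told from here, because the step's `uses:` line lies outside the hunk. A comment above the input would record the requirement, for example `# NVD_APIKEY must exist as a repository or organisation secret; NVD API requests are rate-limited without a key`.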