chore/updated links to cbomkit org (#347)

san-zrl · web-flow · commit f50ae7275f45 · 2025-11-06T12:07:09.000+01:00
* chore/updated links to cbomkit org

Signed-off-by: san-zrl &lt;san@zurich.ibm.com&gt;

* chore/updated links to cbomkit org

Signed-off-by: san-zrl &lt;san@zurich.ibm.com&gt;

* chore/updated links to cbomkit org

Signed-off-by: san-zrl &lt;san@zurich.ibm.com&gt;

---------

Signed-off-by: san-zrl &lt;san@zurich.ibm.com&gt;
diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml
@@ -32,7 +32,7 @@ jobs:
     - name: Build with Maven
       run: mvn clean package
     - name: Create CBOM
-      uses: PQCA/cbomkit-action@v2.1.1
+      uses: cbomkit/cbomkit-action@v2.1.1
       id: cbom
       # Persist CBOM after a job has completed and share
       # that CBOM with another job in the same workflow.
diff --git a/CODEOWNERS b/CODEOWNERS
@@ -1,3 +1,3 @@
 # see https://docs.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners
 
-*  @PQCA/cbomkit-maintainers
+*  @cbomkit/cbomkit-maintainers
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -8,14 +8,14 @@ This page describes how you can join the community in this goal.
 
 If you are new to the community? We recommend you do the following before diving into the code:
 
-* Read the [Code of Conduct](https://github.com/PQCA/sonar-cryptography/blob/main/CODE_OF_CONDUCT.md)
-* Familiarize yourself with the community (via [GitHub](https://github.com/PQCA/sonar-cryptography/discussions) etc.)
+* Read the [Code of Conduct](https://github.com/cbomkit/sonar-cryptography/blob/main/CODE_OF_CONDUCT.md)
+* Familiarize yourself with the community (via [GitHub](https://github.com/cbomkit/sonar-cryptography/discussions) etc.)
 
 ## Choose an issue to work on
 The Sonar Cryptography Plugin uses the following labels to help non-maintainers find issues best suited to their interest and experience level:
 
-* [good first issue](https://github.com/PQCA/sonar-cryptography/issues?q=is%3Aissue+is%3Aopen+label%3A%22good+first+issue%22) - these issues are typically the simplest available to work on, ideal for newcomers. They should already be fully scoped, with a clear approach outlined in the descriptions.
-* [help wanted](https://github.com/PQCA/sonar-cryptography/issues?q=is%3Aopen+is%3Aissue+label%3A%22help+wanted%22) - these issues are generally more complex than good first issues. They typically cover work that core maintainers don't currently have capacity to implement and may require more investigation/discussion. These are a great option for experienced contributors looking for something a bit more challenging.
+* [good first issue](https://github.com/cbomkit/sonar-cryptography/issues?q=is%3Aissue+is%3Aopen+label%3A%22good+first+issue%22) - these issues are typically the simplest available to work on, ideal for newcomers. They should already be fully scoped, with a clear approach outlined in the descriptions.
+* [help wanted](https://github.com/cbomkit/sonar-cryptography/issues?q=is%3Aopen+is%3Aissue+label%3A%22help+wanted%22) - these issues are generally more complex than good first issues. They typically cover work that core maintainers don't currently have capacity to implement and may require more investigation/discussion. These are a great option for experienced contributors looking for something a bit more challenging.
 
 ## Code Style
 
diff --git a/README.md b/README.md
@@ -1,12 +1,12 @@
 # Sonar Cryptography Plugin (CBOMkit-hyperion)
 
-[![License](https://img.shields.io/github/license/PQCA/sonar-cryptography.svg?)](https://opensource.org/licenses/Apache-2.0) <!--- long-description-skip-begin -->
-[![Current Release](https://img.shields.io/github/release/PQCA/sonar-cryptography.svg?logo=IBM)](https://github.com/PQCA/sonar-cryptography/releases)
+[![License](https://img.shields.io/github/license/cbomkit/sonar-cryptography.svg?)](https://opensource.org/licenses/Apache-2.0) <!--- long-description-skip-begin -->
+[![Current Release](https://img.shields.io/github/release/cbomkit/sonar-cryptography.svg?logo=IBM)](https://github.com/cbomkit/sonar-cryptography/releases)
 
 
 This repository contains a SonarQube Plugin that detects cryptographic assets 
 in source code and generates [CBOM](https://cyclonedx.org/capabilities/cbom/).
-It is part of **the [CBOMKit](https://github.com/PQCA/cbomkit) toolset**.
+It is part of **the [CBOMKit](https://github.com/cbomkit) toolset**.
 
 ## Version compatibility
 
@@ -41,13 +41,13 @@ It is part of **the [CBOMKit](https://github.com/PQCA/cbomkit) toolset**.
 > included Docker Compose to set up a development environment. See 
 > [here](CONTRIBUTING.md#build) for instructions.
 
-Copy the plugin (the JAR file from the [latest releases](https://github.com/PQCA/sonar-cryptography/releases))
+Copy the plugin (the JAR file from the [latest releases](https://github.com/cbomkit/sonar-cryptography/releases))
 to `$SONARQUBE_HOME/extensions/plugins` and restart 
 SonarQube ([more](https://docs.sonarqube.org/latest/setup-and-upgrade/install-a-plugin/)).
 
 ## Using
 
-The plugin provides new inventory rules (PQCA Cryptography Repository) regarding the use of cryptography for 
+The plugin provides new inventory rules (Cbomkit Cryptography Repository) regarding the use of cryptography for 
 the supported languages.
 If you enable these rules, a source code scan creates a cryptographic inventory by creating a 
 [CBOM](https://cyclonedx.org/capabilities/cbom/) with all cryptographic assets and writing 
@@ -72,7 +72,7 @@ to start your first scan.
 
 ### Visualizing your CBOM
 
-Once you have scanned your source code with the plugin, and obtained a `cbom.json` file, you can use [PQCA's CBOM Viewer](https://github.com/PQCA/cbomkit) service to know more about it.
+Once you have scanned your source code with the plugin, and obtained a `cbom.json` file, you can use [Cbomkit's CBOM Viewer](https://github.com/cbomkit/cbomkit) service to know more about it.
 It provides you with general insights about the cryptography used in your source code and its compliance with post-quantum safety.
 It also allows you to explore precisely each cryptography asset and its detailed specification, and displays where it appears in your code.
 
@@ -85,8 +85,8 @@ If you encounter difficulties or unexpected results while installing the plugin
 If you'd like to contribute to Sonar Cryptography Plugin, please take a look at our
 [contribution guidelines](CONTRIBUTING.md). By participating, you are expected to uphold our [code of conduct](CODE_OF_CONDUCT.md).
 
-We use [GitHub issues](https://github.com/PQCA/sonar-cryptography/issues) for tracking requests and bugs. For questions
-start a discussion using [GitHub Discussions](https://github.com/PQCA/sonar-cryptography/discussions).
+We use [GitHub issues](https://github.com/cbomkit/sonar-cryptography/issues) for tracking requests and bugs. For questions
+start a discussion using [GitHub Discussions](https://github.com/cbomkit/sonar-cryptography/discussions).
 
 ## License
 
diff --git a/SECURITY.md b/SECURITY.md
@@ -2,7 +2,7 @@
 
 You can privately report a potential security issue via the GitHub security advisory feature. This can be done here:
 
-https://github.com/PQCA/sonar-cryptography/security/advisories
+https://github.com/cbomkit/sonar-cryptography/security/advisories
 
 Please do **not** open a public issue about a potential security vulnerability.
 
diff --git a/docs/DETECTION_RULE_STRUCTURE.md b/docs/DETECTION_RULE_STRUCTURE.md
@@ -109,7 +109,7 @@ This will then be useful when we translate the detected findings: we use the bun
 And finally, we can finish the specification of the detection rules by adding top level dependent detection rules with `withDependingDetectionRules(List<IDetectionRule<T>> detectionRules)` (or not, using `withoutDependingDetectionRules()` instead).
 These are similar to the parameter dependent rules, but instead of applying these rules on a parameter, they are applied to the object itself, i.e. to the object with which the rule matched in the first place[^2].
 
-[^2]: Currently, findings of top level dependent detection rules are added below *each* (top level and parameter) detections of the rules in the tree of detected values, *except* for parameter detections using `asChildOfParameterWithId`. More information [here](https://github.com/PQCA/sonar-cryptography/pull/142).
+[^2]: Currently, findings of top level dependent detection rules are added below *each* (top level and parameter) detections of the rules in the tree of detected values, *except* for parameter detections using `asChildOfParameterWithId`. More information [here](https://github.com/cbomkit/sonar-cryptography/pull/142).
 
 > [!TIP]
 > You will find all the classes implementing the action factories, value factories and contexts (that you may use in the functions described above) in the [`model`](../engine/src/main/java/com/ibm/engine/model/) directory of the engine.
diff --git a/docs/TROUBLESHOOTING.md b/docs/TROUBLESHOOTING.md
@@ -19,7 +19,7 @@ To do so, start by opening this repo and `git checkout` to the latest release br
 Open the [`docker-compose.yaml`](../docker-compose.yaml) file and check the `image` argument to make sure that it uses a version of SonarQube supported by our plugin.
 
 You then need to have a `.jar` plugin in the `.SonarQube/plugins/` directory. There are two options for this:
-- Easiest way: download the `.jar` file from the [latest releases](https://github.com/PQCA/sonar-cryptography/releases) GitHub page and move it to this directory. In our case, it is named `sonar-cryptography-plugin-1.2.0.jar`.
+- Easiest way: download the `.jar` file from the [latest releases](https://github.com/cbomkit/sonar-cryptography/releases) GitHub page and move it to this directory. In our case, it is named `sonar-cryptography-plugin-1.2.0.jar`.
 - Alternatively, you can build the plugin from source, as explained in the [Build](../CONTRIBUTING.md#build) paragraph of [`CONTRIBUTING.md`](../CONTRIBUTING.md).
 
 Now, you can run our plugin with SonarQube by following the [Run the Plugin with SonarQube](../CONTRIBUTING.md#run-the-plugin-with-sonarqube) paragraph of [`CONTRIBUTING.md`](../CONTRIBUTING.md).
@@ -149,4 +149,4 @@ If the analysis runs as expected, you should see the results in two ways:
 
 ---
 
-If you did not succeed while following all the steps in this guide, please check previous GitHub [issues](https://github.com/PQCA/sonar-cryptography/issues?q=is%3Aissue) to check if someone else ever had your problem, otherwise feel free to reach us by creating a new GitHub issue.
+If you did not succeed while following all the steps in this guide, please check previous GitHub [issues](https://github.com/cbomkit/sonar-cryptography/issues?q=is%3Aissue) to check if someone else ever had your problem, otherwise feel free to reach us by creating a new GitHub issue.
diff --git a/pom.xml b/pom.xml
@@ -23,8 +23,8 @@
     <version>2.0.0-SNAPSHOT</version>
     <name>sonar-cryptography</name>
     <organization>
-        <name>PQCA</name>
-        <url>https://github.com/PQCA</url>
+        <name>cbomkit</name>
+        <url>https://github.com/cbomkit</url>
     </organization>
     <licenses>
         <license>
@@ -56,7 +56,7 @@
         <repository>
             <id>github</id>
             <name>GitHub Packages</name>
-            <url>https://maven.pkg.github.com/PQCA/sonar-cryptography</url>
+            <url>https://maven.pkg.github.com/cbomkit/sonar-cryptography</url>
         </repository>
     </distributionManagement>
 

Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,3 @@`
`1`	`1`	`# see https://docs.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners`
`2`	`2`
`3`		`-* @PQCA/cbomkit-maintainers`
	`3`	`+* @cbomkit/cbomkit-maintainers`