lhns / sbt-bom   0.5.0


sbt bom.xml exporter

Scala versions: 2.12
sbt plugins: 1.0

sbt-bom



The aim of this project is to:

  • extract a valid CycloneDX bom file from sbt projects
  • ensure that the bom file is processable with Software Composition Analysis tools (like Dependency Track)

Usage

Project setup

Add the plugin dependency to the file project/plugins.sbt using addSbtPlugin:

addSbtPlugin("de.lhns" %% "sbt-bom" % "0.5.0")

BOM creation

To create the BOM for the default configuration, use the makeBom command:

> sbt makeBom

This creates the BOM file inside the target directory. The name of the created file depends on the name and version properties of the current project. For example, if name and version are myArtifact and 1.0, the file name is myArtifact-1.0.bom.xml.

Scope selection

It is possible to create the BOM for different scopes, so that all dependencies of a scope are included in the generated BOM file. The default scope is Compile; for now the other supported scopes are Test and IntegrationTest. To generate the BOM for a certain scope, add the scope as a prefix to the makeBom command:

> sbt Test / makeBom

> sbt IntegrationTest / makeBom

Listing BOM content

The listBom command generates the contents of the BOM without writing it to a file; the BOM is returned as the command's output. To display the BOM content use:

> sbt show listBom
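A sanity check a practitioner can run over the generated file before uploading it to an SCA tool such as Dependency Track, as an added example that is not part of the sbt-bom plugin: it parses a CycloneDX 1.x XML BOM and flags components that lack the name, version or Maven purl those tools key on. The sample BOM embedded in the script is constructed for the example, not plugin output.

```python
# Sanity-check a CycloneDX XML BOM (e.g. the file written by `sbt makeBom`) before an SCA upload.
# Added example, not part of the sbt-bom plugin itself.
import re
import sys
import xml.etree.ElementTree as ET

# Maven package URL as SCA tools expect it: pkg:maven/<group>/<artifact>@<version>
MAVEN_PURL = re.compile(r"^pkg:maven/[^/@]+/[^/@]+@[^?#]+")

def check_bom(xml_text):
    """Return (schema_version, components, issues) for a CycloneDX XML BOM."""
    root = ET.fromstring(xml_text)
    m = re.fullmatch(r"\{(http://cyclonedx\.org/schema/bom/([\d.]+))\}bom", root.tag)
    if not m:
        return None, [], ["root element is not a CycloneDX <bom>"]
    ns, version = m.group(1), m.group(2)
    issues = []
    if not root.get("serialNumber", "").startswith("urn:uuid:"):
        issues.append("no urn:uuid serialNumber")

    def text(el, name):  # text of a namespaced child element, or "" when absent
        child = el.find(f"{{{ns}}}{name}")
        return (child.text or "").strip() if child is not None else ""

    components, seen = [], set()
    for c in root.iter(f"{{{ns}}}component"):
        comp = {k: text(c, k) for k in ("group", "name", "version", "purl")}
        label = f"{comp['group']}:{comp['name']}"
        issues += [f"{label}: missing <{k}>" for k in ("name", "version", "purl") if not comp[k]]
        if comp["purl"]:
            if not MAVEN_PURL.match(comp["purl"]):
                issues.append(f"{label}: not a Maven purl: {comp['purl']}")
            elif comp["purl"] in seen:
                issues.append(f"{label}: duplicate purl {comp['purl']}")
            seen.add(comp["purl"])
        components.append(comp)
    if not components:
        issues.append("BOM lists no components")
    return version, components, issues

# Constructed sample: one well-formed Scala library (note the _2.13 binary-version
# suffix in the artifact name, which the purl must keep) and one component lacking <purl>.
SAMPLE_BOM = """<bom xmlns="http://cyclonedx.org/schema/bom/1.2" version="1"
  serialNumber="urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79"><components>
  <component type="library"><group>org.typelevel</group><name>cats-core_2.13</name>
    <version>2.9.0</version><purl>pkg:maven/org.typelevel/cats-core_2.13@2.9.0</purl></component>
  <component type="library"><group>com.example</group><name>internal-lib</name>
    <version>1.0</version></component>
</components></bom>"""

if __name__ == "__main__":  # pass the path of a real bom.xml, or run on the sample
    version, comps, issues = check_bom(open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_BOM)
    print(f"CycloneDX {version}: {len(comps)} component(s), {len(issues)} issue(s)", *issues, sep="\n - ")
```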

Configuration

Setting           Type    Description
----------------  ------  ----------------------------------------------------
bomFileName       String  BOM file name
bomSchemaVersion  String  CycloneDX version (default: 1.2)
bomFormat         String  json or xml (default: json if bomSchemaVersion >= 1.2)

Sample configuration:

lazy val root = (project in file("."))
  .settings(
    bomFileName := "bom.xml",                                   // default (Compile) scope
    Test / bomFileName := "test.bom.xml",                       // used by Test / makeBom
    IntegrationTest / bomFileName := "integrationTest.bom.xml", // used by IntegrationTest / makeBom
  )

Contributing

Testing

There are two types of tests: unit tests written with ScalaTest, and scripted tests.

Unit tests

Unit tests are written using ScalaTest syntax. Only pure logic classes are covered by these tests.

To run the unit tests, use the test command to run all of them, or the testOnly ... command specifying the list of tests to execute.

Scripted tests

Scripted is a tool that allows you to test sbt plugins. For each test it is necessary to create a specially crafted project; these projects live in the src/sbt-test directory.

Scripted tests are run using the scripted command.

Changelog

See Releases.

For versions before 0.4.0 see siculo/sbt-bom#changelog.

License

This project uses the MIT License. See the file called LICENSE.