Merge pull request 'OZG-4833 add sbom' (#21) from Version-4-ozg-4833-sbom into master

Reviewed-on: https://git.ozg-sh.de/ozgcloud-lib/common-lib/pulls/21 Reviewed-by: OZGCloud <ozgcloud@mgm-tp.com>

Merge pull request 'OZG-4833 add sbom' (#21) from Version-4-ozg-4833-sbom into master
47300f63 · OZGCloud · f1d9ec90 · 5d01ccd9 · 47300f63
Commit 47300f63 authored 10 months ago by OZGCloud
--- a/ozgcloud-common-parent/pom.xml
+++ b/ozgcloud-common-parent/pom.xml
@@ -65,6 +65,9 @@

 		<!--overriden for issue CVE-2021-26291-->
 		<git-commit-id-maven-plugin.version>7.0.0</git-commit-id-maven-plugin.version>
+
+		<dependency-track-maven-plugin.version>1.7.0</dependency-track-maven-plugin.version>
+		<cyclonedx-maven-plugin.version>2.7.11</cyclonedx-maven-plugin.version>
 	</properties>

 	<dependencyManagement>
@@ -336,6 +339,17 @@
 						</dependency>
 					</dependencies>
 				</plugin>
+
+				<plugin>
+					<groupId>io.github.pmckeown</groupId>
+					<artifactId>dependency-track-maven-plugin</artifactId>
+					<version>${dependency-track-maven-plugin.version}</version>
+					<configuration>
+						<dependencyTrackBaseUrl>https://dependency-track.ozg-sh.de</dependencyTrackBaseUrl>
+						<failOnError>true</failOnError>
+						<createProject>true</createProject>
+					</configuration>
+				</plugin>
 			</plugins>
 		</pluginManagement>

@@ -345,6 +359,20 @@
 				<artifactId>rewrite-maven-plugin</artifactId>
 				<version>${rewrite.plugin.version}</version>
 			</plugin>
+
+			<plugin>
+				<groupId>org.cyclonedx</groupId>
+				<artifactId>cyclonedx-maven-plugin</artifactId>
+				<version>${cyclonedx-maven-plugin.version}</version>
+				<executions>
+					<execution>
+						<phase>package</phase>
+						<goals>
+							<goal>makeAggregateBom</goal>
+						</goals>
+					</execution>
+				</executions>
+			</plugin>
 		</plugins>
 	</build>