Skip to content

Generate an SBOM #824

Open
Feature
Open
Generate an SBOM#824
Feature
Labels
build/environmentCategorizes an issue or PR relevant to the build environment.good first issueDenotes an issue ready for a new contributorhelp wantedDenotes an issue that needs help from a contributor.kind/wishCategorizes issue or PR as a wish.

Description

@pnoltes
pnoltes
opened on Feb 7, 2026

Update the CI to generate a Software Bill of Materials (SBOM) as part of the ASF Celix CI pipeline.

Notes / Open questions

  • We currently do not commit conan.lock to SCM
    • Should the lockfile be generated in CI and used for SBOM generation?
  • Which SBOM gen technology to use (cdxgen, sbomify, etc)?

It is ok to provide a proposal in a pull request.
Contributions, tooling suggestions, and prior experience are very welcome.

Expected outcome

  • CI job that generates an SBOM
  • SBOM published as a CI artifact
  • Short documentation describing: how the SBOM is generates

Metadata

Metadata

Assignees

No one assigned

    Labels

    build/environmentCategorizes an issue or PR relevant to the build environment.good first issueDenotes an issue ready for a new contributorhelp wantedDenotes an issue that needs help from a contributor.kind/wishCategorizes issue or PR as a wish.

    Type

    Feature

    Fields

    No fields configured for Feature.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions