From 1a18e6b73b9cbe03aaa107903c16ee0529ee829b Mon Sep 17 00:00:00 2001
From: Stefan Kalscheuer <stefan@stklcode.de>
Date: Sat, 29 Jun 2024 10:30:25 +0200
Subject: [PATCH] build: generate and attach CycloneDX SBOM

---
 CHANGELOG.md |  1 +
 pom.xml      | 25 +++++++++++++++++++++++++
 2 files changed, 26 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 797fdb1..0fdfdac 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -11,6 +11,7 @@
 * Add `mount_type` attribute to common response model
 * Add `auth` attribute to common response model
 * Add `custom_metadata`, `cas_required` and `delete_version_after` fields for KVv2 metadata
+* Generate and attach CycloneDX SBOM
 
 ### Fix
 * Rename `enable_local_secret_id` to `local_secret_ids` in `AppRole` model
diff --git a/pom.xml b/pom.xml
index b3f37bf..4d23267 100644
--- a/pom.xml
+++ b/pom.xml
@@ -179,6 +179,11 @@
                         </argLine>
                     </configuration>
                 </plugin>
+                <plugin>
+                    <groupId>org.cyclonedx</groupId>
+                    <artifactId>cyclonedx-maven-plugin</artifactId>
+                    <version>2.8.0</version>
+                </plugin>
                 <plugin>
                     <groupId>org.jacoco</groupId>
                     <artifactId>jacoco-maven-plugin</artifactId>
@@ -244,6 +249,26 @@
             </build>
         </profile>
 
+        <profile>
+            <id>sbom</id>
+            <build>
+                <plugins>
+                    <plugin>
+                        <groupId>org.cyclonedx</groupId>
+                        <artifactId>cyclonedx-maven-plugin</artifactId>
+                        <executions>
+                            <execution>
+                                <phase>package</phase>
+                                <goals>
+                                    <goal>makeBom</goal>
+                                </goals>
+                            </execution>
+                        </executions>
+                    </plugin>
+                </plugins>
+            </build>
+        </profile>
+
         <profile>
             <id>sign</id>
             <build>