Feature request: ingest BOM report from Cyclonedx

We’ve been using the CycloneDX maven plugin and CycloneDX gradle plugin with good results. I’m thinking the output bom.xml could be imported by our subsequent sonar analysis in the CI pipeline.

What sort of checks would you be wanting to run against the SBOM?

1 Like