I would like to make you aware of a new build feature. For version 1.0.0 we concentrated on providing SBOMs and a license book created from the SBOM. But there were the following issues:
- There were 2 SBOMs: One for the backend, one for the frontend
- The backend SBOMs contained all dependencies from all distributions, i.e. Wildfly dependencies also for the Tomcat distribution
- As a consequence there was just 1 single License Book for all distributions

We have now changed the process so that SBOMs are produced per distribution profile. In addition, the distribution-specific backend SBOM is merged with the frontend SBOM into a single SBOM per distribution.
These consolidated SBOMs are now updated with each dependency upgrade and checked in to the distribution's assembly module, so they are always up to date.
The license book, now distribution-specific, is generated by the nightly integration build. The nightly distributions will therefore always contain up-to-date SBOM and license book files.
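
To illustrate the merge and license-book steps described above, here is an added sketch that is not the project's build code. It assumes the SBOMs are CycloneDX JSON (the post does not name the format); all component names and the helper functions `merge_sboms`, `license_book` and `is_stale` are hypothetical.

```python
# Constructed sample data in CycloneDX JSON shape (assumed format, made-up names).
BACKEND_TOMCAT = {"bomFormat": "CycloneDX", "specVersion": "1.5", "components": [
    {"name": "example-engine", "version": "1.0.0",
     "purl": "pkg:maven/org.example/example-engine@1.0.0",
     "licenses": [{"license": {"id": "Apache-2.0"}}]},
    {"name": "shared-json", "version": "2.1.0",
     "purl": "pkg:maven/org.example/shared-json@2.1.0",
     "licenses": [{"license": {"id": "MIT"}}]},
]}
FRONTEND = {"bomFormat": "CycloneDX", "specVersion": "1.5", "components": [
    {"name": "example-ui", "version": "3.2.1", "purl": "pkg:npm/example-ui@3.2.1",
     "licenses": [{"license": {"id": "MIT"}}]},
    {"name": "unlicensed-widget", "version": "0.1.0"},  # no purl, no license data
]}

def component_key(comp):
    """Identity used for de-duplication: purl when present, else name@version."""
    return comp.get("purl") or f"{comp['name']}@{comp['version']}"

def merge_sboms(*boms):
    """Merge component lists into one SBOM, keeping the first copy of each component."""
    seen = {}
    for bom in boms:
        for comp in bom.get("components", []):
            seen.setdefault(component_key(comp), comp)
    return {"bomFormat": "CycloneDX", "specVersion": "1.5",
            "components": [seen[k] for k in sorted(seen)]}

def license_book(bom):
    """Map license id -> component keys; missing license data is listed as UNKNOWN."""
    book = {}
    for comp in bom["components"]:
        ids = []
        for entry in comp.get("licenses", []):
            lic = entry.get("license", {})
            ident = entry.get("expression") or lic.get("id") or lic.get("name")
            if ident:
                ids.append(ident)
        for lic_id in ids or ["UNKNOWN"]:
            book.setdefault(lic_id, []).append(component_key(comp))
    return book

def is_stale(checked_in, regenerated):
    """True when the committed SBOM's component set differs from a fresh build's."""
    def keys(bom):
        return {component_key(c) for c in bom["components"]}
    return keys(checked_in) != keys(regenerated)
```

Running `is_stale` against the checked-in file in CI is one way to catch a dependency upgrade that was committed without regenerating the SBOM, and the `UNKNOWN` bucket surfaces components that need manual license review.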
