Skip to content

FINERACT-2164: Add Gradle SBOM (Software Bill of Materials) generator #5339

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
airajena wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

FINERACT-2164: Add Gradle SBOM (Software Bill of Materials) generator #5339

airajena wants to merge 1 commit into from
+11 −0

Conversation

@airajena
Copy link
Contributor

@airajena airajena commented Jan 17, 2026

Description

This PR adds CycloneDX SBOM (Software Bill of Materials) generator to the Fineract build system. SBOM is important for security compliance and allows vendors to promote the solution in regulated environments.

Changes

  • Add CycloneDX plugin (version 3.1.0) to plugins block
  • Configure SBOM generation with license information
  • Task is optional and NOT part of default build

Usage

# Generate SBOM for a specific module
./gradlew :fineract-provider:cyclonedxDirectBom

# Output files
build/reports/cyclonedx-direct/bom.json
build/reports/cyclonedx-direct/bom.xml

@airajena
FINERACT-2164: Add Gradle SBOM (Software Bill of Materials) generator
fe4c992 
- Add CycloneDX plugin for SBOM generation (version 3.1.0)
- Configure as optional task (not part of default build)
- Generate SBOM in CycloneDX format with license information
- Usage: ./gradlew :fineract-provider:cyclonedxDirectBom

Output: build/reports/cyclonedx-direct/bom.{json,xml}
Aman-Mittal
Aman-Mittal approved these changes Jan 18, 2026
View reviewed changes
Copy link
Contributor

@Aman-Mittal Aman-Mittal left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems Ok, @adamsaghy Can this be added to CI check also? also as per test of license dependency has Apache 2.0 license

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@Aman-Mittal Aman-Mittal Aman-Mittal approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@airajena @Aman-Mittal