
An Adventure with the CycloneDX Maven Plugin

· 15 min read
Kevin Conner
Maintainer

The CycloneDX Maven Plugin can be used to generate a CycloneDX Software Bill of Materials (SBOM) for your Maven projects as part of your build process. The plugin is easy to integrate, but it does have some issues, due mostly to idiosyncrasies and shortcomings in the Maven resolution mechanism. In this post I attempt to provide some background, examples and explanations for the issues I've discovered, as well as context for the solutions I'm proposing.

Welcome

· One min read
Jim Crossley
Maintainer

Today, we're excited to announce the launch of Trustification, a new community dedicated to improving software supply-chain security.