sbom-comparator

Wrong maven dependency to SBOM COMMONS

Open TomasLajcin opened this issue 3 years ago • 0 comments

The project has the wrong maven dependency to library SBOM-COMMON version 1.1.1 - the version does not exist.

		<dependency>
			<groupId>com.lmco.efoss.sbom</groupId>
			<artifactId>sbom-commons</artifactId>
			<version>1.1.1</version>
		</dependency>

Please fix it.

Temporary workaround:

  1. Download project SBOM-COMMON
  2. Build project: mvn clean package (Use Java 11+)
  3. There is sbomcommons.1.2.0-SNAPSHOT.jar in the folder target
  4. Add sbomcommons.1.2.0-SNAPSHOT.jar to the local dependency instead of the wrong one.
		<!--
		<dependency>
			<groupId>com.lmco.efoss.sbom</groupId>
			<artifactId>sbom-commons</artifactId>
			<version>${com.lmco.commons.version}</version>
		</dependency>-->
		
		<dependency>
			<groupId>com.lmco.efoss.sbom</groupId>
			<artifactId>sbom-commons</artifactId>
			<version>1.2.0</version>
			<systemPath>C:\work\projekty\java\sbomcommons.1.2.0.jar</systemPath>
			<scope>system</scope>
		</dependency>

...

			<plugin>
				<groupId>org.springframework.boot</groupId>
				<artifactId>spring-boot-maven-plugin</artifactId>
				<!--allow system scope-->
				<configuration>
					<includeSystemScope>true</includeSystemScope>
				</configuration>
			</plugin>

...

			<!--There are still some issues with java doc
			<plugin>
				<groupId>org.apache.maven.plugins</groupId>
				<artifactId>maven-javadoc-plugin</artifactId>
				<configuration>
					<show>private</show>
					<nohelp>true</nohelp>
					<excludePackageNames>org.cyclonedx.contrib.com.lmco.efoss.sbom.commons.*</excludePackageNames>
				</configuration>
				<executions>
					<execution>
						<id>attach-javadocs</id>
						<goals>
							<goal>jar</goal>
						</goals>
					</execution>
				</executions>
			</plugin>
			-->
  5. In project sbom-comparator delete invalid package imports and replace them with new ones. sbomcommons.1.2.0-SNAPSHOT.jar has different package names. (If you are using Eclipse use ctrl+shift+o to import all missing packages at once)
  6. Build: mvn clean package (In case of building in Eclipse click checkbox skip tests)

TomasLajcin Aug 06 '22 20:08
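
A check for the two settings this workaround introduces, as an added example that is not part of the original post or the project's code: it lists dependencies declared with `<scope>system</scope>` (taken from a local file path rather than a repository) and reports whether `includeSystemScope` bundles them into the built artifact. The sample POM is constructed from the fragments above; `audit_pom`, its helpers and the `org.example:from-repo` entry are hypothetical names.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the workaround's fragments wrapped in a minimal POM.
SAMPLE_POM = r"""<project xmlns="http://maven.apache.org/POM/4.0.0">
  <dependencies>
    <dependency>
      <groupId>com.lmco.efoss.sbom</groupId>
      <artifactId>sbom-commons</artifactId>
      <version>1.2.0</version>
      <systemPath>C:\work\projekty\java\sbomcommons.1.2.0.jar</systemPath>
      <scope>system</scope>
    </dependency>
    <dependency>
      <groupId>org.example</groupId><artifactId>from-repo</artifactId><version>1.0</version>
    </dependency>
  </dependencies>
  <build><plugins><plugin>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-maven-plugin</artifactId>
    <configuration><includeSystemScope>true</includeSystemScope></configuration>
  </plugin></plugins></build>
</project>"""

def _local(tag):
    """Strip the '{namespace}' prefix so namespaced and bare POMs both work."""
    return tag.rsplit("}", 1)[-1]

def _child_text(elem, name):
    """Text of the first direct child called `name`, or '' if absent."""
    for child in elem:
        if _local(child.tag) == name:
            return (child.text or "").strip()
    return ""

def audit_pom(pom_xml):
    """Return (system_scoped, packaged): the (G:A:V, systemPath) pairs that bypass
    repository resolution, and whether includeSystemScope ships them in the jar."""
    root = ET.fromstring(pom_xml)  # XML comments are dropped by the default parser
    system_scoped, packaged = [], False
    for elem in root.iter():
        name = _local(elem.tag)
        if name == "dependency" and _child_text(elem, "scope") == "system":
            gav = ":".join(_child_text(elem, k) for k in ("groupId", "artifactId", "version"))
            system_scoped.append((gav, _child_text(elem, "systemPath")))
        elif name == "includeSystemScope" and (elem.text or "").strip().lower() == "true":
            packaged = True
    return system_scoped, packaged
```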