Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add IT for shipped/included dependencies vs not-shipped #596

Draft
wants to merge 1 commit into
base: master
Choose a base branch
from
Draft

add IT for shipped/included dependencies vs not-shipped #596

wants to merge 1 commit into from

Conversation

hboutemy
Copy link
Contributor

@hboutemy hboutemy commented Mar 19, 2025
edited
Loading

see #589
this PR is not yet about changing anything to generated CycloneDX documents, but listing all cases:

  • from the most basic =
    • classical libraries that have transitive dependences = not shipped
    • classical war files = ship dependencies in WEB-INF/lib in .war archive
  • to most advanced =
    • shade: very flexible, including partial ship
    • assembly: very flexible configuration file
    • executable archives: ship dependencies, but also adds a launcher (that may even bring a servlet container like Tomcat or Jetty, that is not even listed as a dependency)

see also #576 for a first pass

@hboutemy
init structure
677c92a 
Signed-off-by: Hervé Boutemy <[email protected]>
@hboutemy hboutemy added the build Build improvement/fix label Mar 19, 2025
@hboutemy hboutemy marked this pull request as draft March 19, 2025 17:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
build Build improvement/fix
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@hboutemy