Plugin

Security SBOM

Plugin ID: com.helixframework.security-sbom
Plugin Type: Project

Generates a CycloneDX software bill of materials and copies the JSON artifact into build resources for Java projects.

  • Applies org.cyclonedx.bom.
  • Generates the SBOM from runtimeClasspath and explicitly skips compile and test classpath configurations.
  • For Java projects, runs cyclonedxBom after compileJava and then copies bom.json into build/resources/main.

Tasks

  • copyBomToResources: Copies the generated bom.json file from the reports directory into build/resources/main.

Usage

build.gradle

Groovy DSL

plugins {
    id 'com.helixframework.security-sbom'
}

build.gradle.kts

Kotlin DSL

plugins {
    id("com.helixframework.security-sbom")
}

Configuration

No Helix-specific extension is added by this plugin.

Default Behavior

  • No Helix-specific extension is added.
  • The underlying cyclonedxBom extension is preconfigured with includeConfigs = runtimeClasspath and a standard skip list.
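
Because copyBomToResources places bom.json in build/resources/main, a release check can confirm that a packaged jar actually carries a usable SBOM. The script below is an added example, not part of the plugin or its documentation. It assumes the standard jar task packages build/resources/main so that bom.json sits at the jar root; the function names and the sample jar are constructed for illustration.

```python
import io
import json
import zipfile

SBOM_ENTRY = "bom.json"  # assumed jar-root path (build/resources/main packaged as-is)

def check_embedded_sbom(jar):
    """Return (components, problems) for the SBOM in a jar (path or binary file object)."""
    problems = []
    with zipfile.ZipFile(jar) as zf:
        if SBOM_ENTRY not in zf.namelist():
            return [], [f"{SBOM_ENTRY} missing from jar"]
        try:
            bom = json.loads(zf.read(SBOM_ENTRY))
        except ValueError as exc:  # covers invalid JSON and bad encoding
            return [], [f"{SBOM_ENTRY} is not valid JSON: {exc}"]
    if not isinstance(bom, dict) or bom.get("bomFormat") != "CycloneDX":
        return [], ["bomFormat is not CycloneDX"]
    components = []
    for comp in bom.get("components", []):
        name, version, purl = comp.get("name"), comp.get("version"), comp.get("purl")
        components.append((name, version, purl))
        # A component without version or purl cannot be matched against advisories.
        if not version or not purl:
            problems.append(f"component {name!r} lacks version or purl")
    if not components:
        problems.append("SBOM lists no components")
    return components, problems

def make_sample_jar(bom):
    """Build a constructed in-memory jar for the demo (not real build output)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        if bom is not None:
            zf.writestr(SBOM_ENTRY, json.dumps(bom))
    return io.BytesIO(buf.getvalue())

SAMPLE_BOM = {  # constructed sample, trimmed to the fields checked here
    "bomFormat": "CycloneDX", "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "example-lib", "version": "1.2.3",
         "purl": "pkg:maven/com.example/example-lib@1.2.3"},
        {"type": "library", "name": "unpinned-lib"},
    ],
}

if __name__ == "__main__":
    comps, probs = check_embedded_sbom(make_sample_jar(SAMPLE_BOM))
    print(len(comps), "components;", probs or "no problems")
```

To check a real build, pass the path of the built jar to check_embedded_sbom in place of the sample.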