CycloneDX/cyclonedx-gradle-plugin cyclonedx-gradle-plugin-2.4.0

2.4.0

on GitHub

New Features and Deprecations

• New jsonOutput and xmlOutput properties to configure BOM output locations. Existing properties destination, outputName, and outputFormat deprecated
• Direct task properties configuration is allowed, property setters deprecated
• schemaVersion property prefers input as org.cyclonedx.Version, String input deprecated
• projectType property prefers input as org.cyclonedx.model.Component.Type, String input deprecated
• gitVCS now can be configured as externalReferences and accept multiple values, configuration as gitVCS deprecated

Bug Fixes

• Generated SBOM contains access token #581
• Project version might not be picked up #650
• org.cyclonedx:cyclonedx-core-java was not declared as an API dependency #655

Dependency Updates

• Gradle from 8.14 to 9
• org.apache.maven:maven-core from 3.9.10 to 3.9.11
• commons-codec:commons-codec from 1.18.0 to 1.19.0
• commons-io:commons-io from 2.19.0 to 2.20.0

Full Changelog

• build(deps): bump org.cyclonedx.bom from 2.3.0 to 2.3.1 by @dependabot[bot] in #622
• Update Gradle Wrapper from 8.14 to 8.14.1 by @github-actions[bot] in #621
• build: run one build with multijdk tests by @skhokhlov in #623
• build(deps): bump com.diffplug.spotless from 6.13.0 to 7.0.4 by @dependabot[bot] in #624
• build(deps): bump org.apache.maven:maven-core from 3.9.9 to 3.9.10 by @dependabot[bot] in #628
• build(deps): bump gradle/actions from 4.4.0 to 4.4.1 by @dependabot[bot] in #633
• build(deps): bump com.diffplug.spotless from 7.0.4 to 7.1.0 by @dependabot[bot] in #640
• build(deps): bump org.apache.maven:maven-core from 3.9.10 to 3.9.11 by @dependabot[bot] in #642
• build(deps): bump commons-codec:commons-codec from 1.18.0 to 1.19.0 by @dependabot[bot] in #649
• build(deps): bump com.diffplug.spotless from 7.1.0 to 7.2.1 by @dependabot[bot] in #648
• build(deps): bump commons-io:commons-io from 2.19.0 to 2.20.0 by @dependabot[bot] in #645
• build: enable build cache and configuration cache by @skhokhlov in #651
• build: explicitly set java 8 as a target version and java 21 to run g… by @skhokhlov in #653
• docs: update CONTRIBUTING.md by @skhokhlov in #652
• fix: use provider for component version convention by @sergej-koscejev in #650
• build: Make org.cyclonedx:cyclonedx-core-java an api dependency by @zarebski-m in #656
• build: upgrade to gradle 9 by @skhokhlov in #657
• build(deps): bump gradle/actions from 4.4.1 to 4.4.2 by @dependabot[bot] in #658
• build(deps): bump org.junit.jupiter:junit-jupiter-api from 5.11.4 to 5.13.4 by @dependabot[bot] in #646
• fix: scrub credentials from git url by @MalickBurger in #663
• feat: deprecate task property setters by @skhokhlov in #681
• fix: store bom once by @skhokhlov in #682
• doc: update usage examples with new properties by @skhokhlov in #683
• doc: update version to 2.4.0 by @skhokhlov in #683

cyclonedx-gradle-plugin-2.3.1...cyclonedx-gradle-plugin-2.4.0

New Contributors

• @sergej-koscejev made their first contribution in #650
• @zarebski-m made their first contribution in #656
• @MalickBurger made their first contribution in #663