{"id":41340101,"url":"https://github.com/kondukto-io/sbom-pipeline-example","last_synced_at":"2026-01-23T06:48:07.302Z","repository":{"id":39803022,"uuid":"495426084","full_name":"kondukto-io/sbom-pipeline-example","owner":"kondukto-io","description":"This repo does contains an example of Jenkins/Github Pipeline and a Maven Project.","archived":false,"fork":false,"pushed_at":"2022-06-01T09:02:46.000Z","size":2354,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2023-03-08T22:11:14.449Z","etag":null,"topics":["devsecops-pipeline","github-actions","jenkins","kondukto","log4j","sbom","sbom-examples"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/kondukto-io.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2022-05-23T13:37:20.000Z","updated_at":"2022-05-25T17:32:47.000Z","dependencies_parsed_at":"2022-09-07T02:10:24.176Z","dependency_job_id":null,"html_url":"https://github.com/kondukto-io/sbom-pipeline-example","commit_stats":null,"previous_names":[],"tags_count":null,"template":null,"template_full_name":null,"purl":"pkg:github/kondukto-io/sbom-pipeline-example","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kondukto-io%2Fsbom-pipeline-example","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kondukto-io%2Fsbom-pipeline-example/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kondukto-io%2Fsbom-pipeline-example/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kondukto-io%2Fsbom-pipeli
ne-example/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/kondukto-io","download_url":"https://codeload.github.com/kondukto-io/sbom-pipeline-example/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kondukto-io%2Fsbom-pipeline-example/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28682262,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-23T05:48:07.525Z","status":"ssl_error","status_checked_at":"2026-01-23T05:48:07.129Z","response_time":59,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["devsecops-pipeline","github-actions","jenkins","kondukto","log4j","sbom","sbom-examples"],"created_at":"2026-01-23T06:48:06.290Z","updated_at":"2026-01-23T06:48:07.293Z","avatar_url":"https://github.com/kondukto-io.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Initiating SBOM Creation \u0026 SCA Scan On Pipeline\n\n*In our previous blog post, we have covered what SBOM is, its advantages, how to create it, and how to detect a vulnerability with SBOM. 
You may find the SBOM 101 blog at [this link](https://kondukto.io/blog/sbom-software-bill-of-materials).*\n\n*The blog post that accompanies this repository is at [this link](https://kondukto.io/blog/how-to-generate-and-audit-sbom-in-a-ci-cd-pipeline).*\n\nThis repository deliberately contains a vulnerable Log4j version; do not deploy it to a production environment.\n\nIn this repository, you can find an example pom.xml file that shows how to import various plugins into your Maven project. It also contains GitHub Actions and Jenkins pipeline examples to guide you in creating or editing your own pipeline according to your needs.\n\n![GitHub Actions Pipeline](/assets/actions_pipeline.png)\n\n## What is CycloneDX?\n\nCycloneDX is a Software Bill of Materials (SBOM) standard by OWASP, designed for use in application security contexts. The CycloneDX project provides a set of tools, including a Maven plugin that generates the SBOM as part of the build.\n\nTo use the CycloneDX Maven plugin, we only need to add the following configuration to the pom.xml file:\n\n![CycloneDX Maven Plugin](/assets/codedx.png)\n\n## What is Dependency-Check?\n\nDependency-Check is an SCA tool. Its main purpose is to generate the dependency list and check it for known vulnerabilities against sources such as the NVD, OSS Index, and GitHub’s Security Advisory database. Some SCA tools also report the open source license of each dependency.\n\nHere is the plugin block for the pom.xml file:\n\n![Dependency-Check plugin](/assets/depcheck.png)","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkondukto-io%2Fsbom-pipeline-example","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkondukto-io%2Fsbom-pipeline-example","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkondukto-io%2Fsbom-pipeline-example/lists"}
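The README above shows the CycloneDX and Dependency-Check plugin configuration only as screenshots. The following `<build>` fragment is an added example written for this page, not the repository's own pom.xml: it wires both plugins into one Maven build so that `mvn verify` emits an SBOM and then fails the build when a dependency carries a known vulnerability at or above a CVSS threshold. The plugin versions, the bound phases, the CVSS threshold of 7 and the report formats are assumptions chosen for illustration; check Maven Central for current plugin releases before copying.

```xml
<!-- Added example (not the repository's own pom.xml).
     Drop this <build> section into a Maven project's pom.xml.
     Plugin versions below are assumed; verify them against Maven Central. -->
<build>
  <plugins>

    <!-- CycloneDX Maven plugin: writes target/bom.json and target/bom.xml
         during the package phase. makeAggregateBom also covers modules
         in a multi-module build; use makeBom for a single module. -->
    <plugin>
      <groupId>org.cyclonedx</groupId>
      <artifactId>cyclonedx-maven-plugin</artifactId>
      <version>2.7.9</version> <!-- assumed version -->
      <executions>
        <execution>
          <phase>package</phase>
          <goals>
            <goal>makeAggregateBom</goal>
          </goals>
        </execution>
      </executions>
      <configuration>
        <projectType>application</projectType>
        <schemaVersion>1.4</schemaVersion>
        <outputFormat>all</outputFormat>   <!-- json + xml -->
        <outputName>bom</outputName>
      </configuration>
    </plugin>

    <!-- OWASP Dependency-Check: resolves the dependency tree, matches each
         artifact against vulnerability sources (NVD and others), writes
         target/dependency-check-report.{html,json}, and fails the build when
         any finding scores at or above failBuildOnCVSS. -->
    <plugin>
      <groupId>org.owasp</groupId>
      <artifactId>dependency-check-maven</artifactId>
      <version>8.4.3</version> <!-- assumed version -->
      <executions>
        <execution>
          <phase>verify</phase>
          <goals>
            <goal>check</goal>
          </goals>
        </execution>
      </executions>
      <configuration>
        <failBuildOnCVSS>7</failBuildOnCVSS> <!-- assumed threshold: high and critical -->
        <formats>
          <format>HTML</format>
          <format>JSON</format>
        </formats>
      </configuration>
    </plugin>

  </plugins>
</build>
```

With this in place, `mvn verify` produces the SBOM under `target/` before Dependency-Check runs, so the SBOM is archived even when the scan fails the build. The first Dependency-Check run downloads the NVD data set and needs network access; newer plugin releases (9.x) expect an NVD API key through the `nvdApiKey` parameter. Against the vulnerable Log4j version this repository ships, Dependency-Check should report the matching CVEs; whether the build actually fails depends on whether their highest CVSS score reaches the configured threshold.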