🔐 Create SBOMs for distributions and files via #Syft https://jreleaser.org/guide/latest/reference/catalog/index.html

Well this happened. #JReleaser is now capable of producing #SBOMs thanks to an integration with #Syft. You don't need Syft pre-installed on your environment, JReleaser takes care of that

https://jreleaser.org/guide/early-access/reference/catalog/sbom/syft.html

SBOM support coming up next #JReleaser thanks to #Syft's Java cataloger #SneakPeek

TIL that #Syft takes advantage of #Maven metadata embedded in a JAR (/META-INF/maven/*) to generate SBOMs. These files are automatically added by Maven during a build.

Glad I built a plugin for #Gradle years ago to do the same

https://kordamp.org/kordamp-gradle-plugins/#_org_kordamp_gradle_minpom