Example SBOM generation for GeoMesa
This issue is to make the EMO team aware that I've tested out adding the CycloneDX plugin to the locationtech/geomesa project: https://github.com/locationtech/geomesa/tree/wip_sbom
It does successfully generate bom.json/bom.xml files. It logs warnings about dependencies that come from non-standard maven repositories - it doesn't seem to pick up the section of the pom, and I didn't see any way to configure repositories on the plugin itself:
[WARNING] Unable to create Maven project for org.geotools:gt-main:jar:28.2 from repository.