Uploading SBOM to DependencyTrack - Request for Parent Project ID
Summary
We are working on uploading Temurin SBOMs into DependencyTrack, and the security handbook documentation informed us we need the correct parentProject IDs to structure them appropriately. We are requesting your support in obtaining the appropriate parent project IDs. We've drafted a proposed project hierarchy for the Temurin Releases. For now, our proposed hierarchy focuses only on JDK 21, which we plan to incorporate first into the upload pipeline.
This is the document outlining our structure: https://docs.google.com/document/d/1m6WiJPool5_y1KICdPRsYKm_5gpjyuSwvpPzQE7lgrA/edit?usp=sharing
If the hierarchy we've outlined doesn't align with the way projects are structured in your system, we'd appreciate any guidance or corrections.
This request is related to this epic: https://github.com/adoptium/temurin-build/issues/4182
Priority
- Urgent
- High
- Medium
- Low
Severity
- Blocker
- Major
- Normal
- Low
Impact
This is part of our ongoing SBOM automation work for Temurin. Resolving this will allow us to continue drafting our workflow and refine the upload pipeline without delay.