[MXS-5611] Update MaxScale SBOM Format to .cdx.json for Vulnerability Scanning Compatibility - Jira

XML

Word

Printable

Details

Type: Task
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: N/A
Component/s: build
Labels:
None

Description

The current file format for the SBOM files for MaxScale are provided only in .tgz format which are not compatible for automated security tooling.
Issue:

The Security team’s vulnerability scanning tools are configured to locate SBOMs using the pattern:
{product}/**/{version}/**/*.cdx.json

.tgz-formatted SBOMs are not recognized or scanned, which creates a gap in automated security coverage.

MaxScale SBOMs should be made available in the .cdx.json format, similar to how it is published for MariaDB Enterprise Server.

https://dlm.mariadb.com/browse/mariadb_enterprise_server/11.4.5-3/SBOM/

Attachments

Activity

People

Assignee:: Timofey Turenko

Reporter:: Michael Deweerd

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 2025-05-14 22:51

Updated:: 2025-07-14 00:21

Resolved:: 2025-07-14 00:21

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.