SBOM required to use JRecord and CB2XML library

Read Cobol data files in Java

Status: Beta

Brought to you by: bruce_a_martin

#26 SBOM required to use JRecord and CB2XML library

Milestone: v1.0_(example)

Status: open

Owner: Bruce Martin

Labels: 0.93.2 (1) 0.93.3 (1)

Priority: 1

Updated: 2025-07-30

Created: 2025-07-21

Creator: Anonymous

Private: No

Hi Bruce,

I intend to use this library for JSON to copybook and copybook to JSON conversion. However, the AppSecurity team is looking for SBOM document which is a software book of material document to approve the use of this library. I am unable to create one from the Github Source code myself for some reason and they insist that I should reach out to the owner of this library. Could you maybe have it handy or generate this for users to use this library?

Discussion

Bruce Martin - 2025-07-21

I will look in to it

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
- Anonymous
  
  Add attachments
  Cancel
  You seem to have CSS turned off. Please don't fill out this field.
  
  You seem to have CSS turned off. Please don't fill out this field.

Anonymous - 2025-07-21

Thank you Bruce!

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
- Anonymous
  
  Add attachments
  Cancel
  You seem to have CSS turned off. Please don't fill out this field.
  
  You seem to have CSS turned off. Please don't fill out this field.

Bruce Martin - 2025-07-22

I have added cyclonedx to my personel maven build, it produced the attached sbom.
Is this what you want ???

If it is I will move t into Github

Last edit: Bruce Martin 2025-07-22

jrecord-Sbom.json

jrecord-Sbom.xml

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
- Anonymous
  
  Add attachments
  Cancel
  You seem to have CSS turned off. Please don't fill out this field.
  
  You seem to have CSS turned off. Please don't fill out this field.

Anonymous - 2025-07-24

Thank you so much Bruce for providing the SBOM. I have passed it along to the AppSec team. I also noticed that the library uploaded here on Source forge is 0.93.2 while the SBOM was created with the newer version which is 0.93.4. Could you also upload 0.93.4 version here? I will get to know from the AppSec team shortly and I will update the status here so you can attach the SBOM in the repository itself.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
- Anonymous
  
  Add attachments
  Cancel
  You seem to have CSS turned off. Please don't fill out this field.
  
  You seem to have CSS turned off. Please don't fill out this field.

Bruce Martin - 2025-07-30

I have uploaded the latest jars to https://sourceforge.net/projects/jrecord/files/jrecord/Version_0.93.4\

The latest source is available on Github:
https://github.com/bmTas/JRecord

I will upload a full source/jars file after I have tested it

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
- Anonymous
  
  Add attachments
  Cancel
  You seem to have CSS turned off. Please don't fill out this field.
  
  You seem to have CSS turned off. Please don't fill out this field.

Anonymous