Merge maintenance/mps20241 into merge/mps20241

github-actions[bot] · web-flow · commit 8ab84a0b9b3a · 2025-06-03T15:19:28.000Z
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,12 @@ All notable changes to this project are documented in this file.
 Format of the log is _loosely_ based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 The project does _not_ follow Semantic Versioning and the changes are documented in reverse chronological order, grouped by calendar month.
 
+## June 2025
+
+### Changed
+
+- Published SBOM contains dependencies only from runtime configurations
+
 ## May 2025
 
 ### Changed
diff --git a/build.gradle b/build.gradle
@@ -576,4 +576,8 @@ cyclonedxBom {
     outputFormat = "json"
     // Don't include license texts in generated SBOMs
     includeLicenseText = false
+    // Include runtime only deps (bundled libs, language libs, mps)
+    def runtimeConfigs = bundledDeps.collect {it.configName }
+    runtimeConfigs.addAll([configurations.mps.name, configurations.languageLibs.name])
+    includeConfigs = runtimeConfigs
 }

Original file line number	Diff line number	Diff line change
`@@ -576,4 +576,8 @@ cyclonedxBom {`
`576`	`576`	`outputFormat = "json"`
`577`	`577`	`// Don't include license texts in generated SBOMs`
`578`	`578`	`includeLicenseText = false`
	`579`	`+ // Include runtime only deps (bundled libs, language libs, mps)`
	`580`	`+ def runtimeConfigs = bundledDeps.collect {it.configName }`
	`581`	`+ runtimeConfigs.addAll([configurations.mps.name, configurations.languageLibs.name])`
	`582`	`+ includeConfigs = runtimeConfigs`
`579`	`583`	`}`