docs: sbom for backend

jornfranke · jornfranke · commit 37806b896f1c · 2025-07-10T14:10:37.000+02:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -9,9 +9,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 * Backend: Provide an example how to [configure Codeberg.org as an OIDC IdP for the application](./backend/docs/EXAMPLE-CODEBERG-OIDC.md)
 * Backend: Update [Spring Boot 3.5.0](https://spring.io/blog/2025/05/22/spring-boot-3-5-0-available-now), Spring Modulith 1.3.5, Hibernate 7.0.0.Final, Gradle Plugins: Spotless 7.0.3, CycloneDX 2.3.1
 * Backend: Fixed SPACspNonceFilter - it originally omitted the end of line character when parsing static HTML files to insert CSPNonce. This lead to obscure bugs in the Angular frontend ("Unexpected end of input")
+* Backend: Added documentation how to generate Software Bill of Material (SBOM) for backend using [CycloneDX for Gradle](https://github.com/CycloneDX/cyclonedx-gradle-plugin)
 * Frontend: Update [Angular 20](https://blog.angular.dev/announcing-angular-v20-b5c9c06cf301)
 * Frontend: Include offline fonts/icons from https://fontsource.org/ instead of static repository
-* Frontend: Software Bill of Material (SBOM) for frontend using [CycloneDX for Node](https://github.com/CycloneDX/cyclonedx-node-npm).
+* Frontend: Software Bill of Material (SBOM) for frontend using [CycloneDX for Node](https://github.com/CycloneDX/cyclonedx-node-npm)
 
 
 ## [0.0.9] - 2025-03-25
diff --git a/backend/docs/BUILD.md b/backend/docs/BUILD.md
@@ -104,4 +104,15 @@ The command has also other features (e.g. generate a report in different formats
 
 Note: If your dependency has reached end-of-life (EOL), ie it is not maintained anymore, then this will command will NOT inform you. You need then check regularly if you dependencies have reached end-of-life (e.g. on their web sites) and find alternatives yourself.
 
-You can partially find end-of-life dates on the crowd-sourced website https://endoflife.date
+You can partially find end-of-life dates on the crowd-sourced website https://endoflife.date
+
+
+# Create Software Bill of Material (SBOM)
+The [Software Bill of Material](https://en.wikipedia.org/wiki/Software_supply_chain) (SBOM) is an important machine-readable document that contains all the software and versions that you have used to build the software.
+
+You can create it for the backend as follows:
+```
+./gradlew cyclonedxBom
+```
+
+It will create a file called "./build/reports/appplication.cdx.json" that contains the SBOM for the backend.
