chore: Document where to find our SBOMs (#124)

justinabrahms · web-flow · commit 2c0190793fef · 2022-10-06T16:33:11.000-04:00
diff --git a/.clomonitor.yml b/.clomonitor.yml
@@ -0,0 +1,12 @@
+
+# CLOMonitor metadata file
+# This file must be located at the root of the repository
+
+# Checks exemptions
+
+# Check identifiers are here https://github.com/cncf/clomonitor/blob/main/docs/checks.md#exemptions (look for "id")
+exemptions:
+  - check: signed_releases
+    reason: "Our releases are signed on Maven Central"
+  - check: artifacthub_badge
+    reason: "Java library, not a k8s thing. We use Maven Central"
diff --git a/README.md b/README.md
@@ -122,6 +122,10 @@ The continuous integration runs a set of [gherkin integration tests](https://git
 
 See [releasing](./docs/release.md).
 
+### Software Bill of Materials (SBOM)
+
+We publish SBOMs with all of our releases as of 0.3.0. You can find them in Maven Central alongside the artifacts.
+
 ## Contributors
 
 Thanks so much to our contributors.
