Why:

• multiple versions of artifacts are costly at sustaining and productization (eg fixing CVE's on all the versions of same artifact)

What:

Prepare simple report per product build, mapping artifacts (GA) and related versions (V) used across whole product

Focus on Camel

DoD:

• tool for scanning is implemented 
• evaluation criterias are defined and accepted
• report is part of Merge Request Process
• report is used as part of component alignment agreement, 
• report is part of signoff (GA task)