From 2c0190793fefe2d84d7761508e6f65a42865a08c Mon Sep 17 00:00:00 2001
From: Justin Abrahms
Date: Thu, 6 Oct 2022 13:33:11 -0700
Subject: [PATCH] chore: Document where to find our SBOMs (#124)
---
 .clomonitor.yml | 12 ++++++++++++
 README.md | 4 ++++
 2 files changed, 16 insertions(+)
 create mode 100644 .clomonitor.yml
diff --git a/.clomonitor.yml b/.clomonitor.yml
new file mode 100644
index 00000000..9d41bb50
--- /dev/null
+++ b/.clomonitor.yml
@@ -0,0 +1,12 @@
+
+# CLOMonitor metadata file
+# This file must be located at the root of the repository
+
+# Checks exemptions
+
+# Check identifiers are here https://github.com/cncf/clomonitor/blob/main/docs/checks.md#exemptions (look for "id")
+exemptions:
+ - check: signed_releases
+ reason: "Our releases are signed on Maven Central"
+ - check: artifacthub_badge
+ reason: "Java library, not a k8s thing. We use Maven Central"
diff --git a/README.md b/README.md
index b6a501ad..68df0fa1 100644
--- a/README.md
+++ b/README.md
@@ -122,6 +122,10 @@ The continuous integration runs a set of [gherkin integration tests](https://git
 See [releasing](./docs/release.md).
+### Software Bill of Materials (SBOM)
+
+We publish SBOMs with all of our releases as of 0.3.0. You can find them in Maven Central alongside the artifacts.
+
 ## Contributors
 Thanks so much to our contributors.
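Review bot: The `signed_releases` exemption in the new `.clomonitor.yml` switches off a supply-chain check on the strength of a reason string that nobody can verify from the repository. Since the claim is that signing happens on Maven Central, the entry should say how to check it, for example a comment above it such as `# Artifacts on Maven Central ship with detached PGP signatures (.asc); release key fingerprint: <RELEASE_KEY_FINGERPRINT>` with the project's real fingerprint or a link to where it is published. The commit subject only mentions documenting SBOMs, so the two check exemptions added here are easy to miss in history and deserve a line in the commit message. As a smaller style point, the file opens with an empty line and has no `---` document start marker.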