From 7a225475a05f2975fd31b4683b89d8c22572147a Mon Sep 17 00:00:00 2001 From: Justin Abrahms Date: Thu, 6 Oct 2022 13:11:41 -0700 Subject: [PATCH 1/2] Document where to find our SBOMs Signed-off-by: Justin Abrahms --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index b6a501ad0..68df0fa11 100644 --- a/README.md +++ b/README.md @@ -122,6 +122,10 @@ The continuous integration runs a set of [gherkin integration tests](https://git See [releasing](./docs/release.md). +### Software Bill of Materials (SBOM) + +We publish SBOMs with all of our releases as of 0.3.0. You can find them in Maven Central alongside the artifacts. + ## Contributors Thanks so much to our contributors. From 39c395a142c88b039c234f9cef8441b8e4524f78 Mon Sep 17 00:00:00 2001 From: Justin Abrahms Date: Thu, 6 Oct 2022 13:22:12 -0700 Subject: [PATCH 2/2] Exclude us from a few of the mismatched clomonitor expectations Signed-off-by: Justin Abrahms --- .clomonitor.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 .clomonitor.yml diff --git a/.clomonitor.yml b/.clomonitor.yml new file mode 100644 index 000000000..9d41bb50b --- /dev/null +++ b/.clomonitor.yml @@ -0,0 +1,12 @@ + +# CLOMonitor metadata file +# This file must be located at the root of the repository + +# Checks exemptions + +# Check identifiers are here https://github.com/cncf/clomonitor/blob/main/docs/checks.md#exemptions (look for "id") +exemptions: + - check: signed_releases + reason: "Our releases are signed on Maven Central" + - check: artifacthub_badge + reason: "Java library, not a k8s thing. We use Maven Central"
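Review bot: In the README.md hunk, the new "Software Bill of Materials (SBOM)" section says the SBOMs are "in Maven Central alongside the artifacts" but does not name the SBOM format or say how to pick the SBOM file out of the other files published for a release. A consumer who wants to feed it to a scanner has to guess both. Suggest adding one sentence that gives the format and the file naming, plus a link to the artifact listing on Maven Central, so the claim "as of 0.3.0" can be checked directly.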
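Review bot: In the .clomonitor.yml hunk, the `signed_releases` exemption turns the check off on the strength of the reason string alone, and "Our releases are signed on Maven Central" gives a reader nothing to verify it with. Suggest having the reason (or a comment above it) point to where the signatures and the signing public key are documented, so the exemption stays auditable. Minor style point: the new file opens with an empty line before `# CLOMonitor metadata file`, which can be dropped.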