URL: <https://savannah.gnu.org/bugs/?64591>
Summary: SBOM-friendly CMake-like File API for GNU Make
Group: make
Submitter: edelsohn
Submitted: Thu 24 Aug 2023 05:11:49 PM UTC
Severity: 3 - Normal
Item Group: Enhancement
Status: None
Privacy: Public
Assigned to: None
Open/Closed: Open
Discussion Lock: Any
Component Version: SCM
Operating System: None
Fixed Release: None
Triage Status: None

_______________________________________________________

Follow-up Comments:

-------------------------------------------------------
Date: Thu 24 Aug 2023 05:11:49 PM UTC By: David Edelsohn <edelsohn>

cmake-spdx (https://github.com/swinslow/cmake-spdx) utilizes CMake File API (https://cmake.org/cmake/help/latest/manual/cmake-file-api.7.html) to query, observe, and parse information about the build process to allow the tool to create an SPDX SBOM file.

While CMake could be unaware of some dependencies and files, and is not a perfect solution, it is a step toward SBOM compliance that many software packages will utilize.

GNU Make should provide an API with similar functionality to CMake File API, which would allow tools to generate manifests such as SPDX SBOM. This will allow better and easier visibility into the licenses used by packages built by GNU Make.

_______________________________________________________

Reply to this item at:

  <https://savannah.gnu.org/bugs/?64591>

_______________________________________________
Message sent via Savannah
https://savannah.gnu.org/