From: Stefano Tondo <[email protected]>
This series enhances SPDX 3.0 SBOM generation with enriched
metadata, ecosystem-specific Package URLs, and compliance
improvements.
Changes since v9 (addressing Richard Purdie's review):
3/7: Use =+ instead of :prepend when extending
SPDX_PACKAGE_URLS from recipe classes.
Stefano Tondo (7):
spdx30: Add configurable file exclusion pattern support
spdx30: Add supplier support for image and SDK SBOMs
spdx30: Add ecosystem-specific PURL generation via bbclasses
spdx30: Enrich source downloads with version and PURL
oeqa/selftest: Add tests for source download enrichment
cve_check: Escape special characters in CPE 2.3 strings
spdx-common: Add documentation for undocumented SPDX variables
meta/classes-recipe/cargo_common.bbclass | 3 +
meta/classes-recipe/cpan.bbclass | 11 ++
meta/classes-recipe/go-mod.bbclass | 3 +
meta/classes-recipe/npm.bbclass | 7 +
meta/classes-recipe/pypi.bbclass | 3 +
meta/classes/create-spdx-3.0.bbclass | 17 +++
meta/classes/spdx-common.bbclass | 33 +++++
meta/lib/oe/cve_check.py | 38 ++++-
meta/lib/oe/spdx30_tasks.py | 175 +++++++++++++++++++++--
meta/lib/oeqa/selftest/cases/spdx.py | 71 ++++++++-
10 files changed, 351 insertions(+), 10 deletions(-)
--
2.53.0
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#233620):
https://lists.openembedded.org/g/openembedded-core/message/233620
Mute This Topic: https://lists.openembedded.org/mt/118421216/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
