This patch-set adds a proof-of-concept implementation of the upcoming SPDX3 standard to the SBOM generation of the Yocto Project/OpenEmbedded.
The current code delivers an equivalent of what is produced for SPDX2.2. The standard has not been released yet, and there is some specification work in progress still. Our questions and open points are available in the README.SPDX3 file. Also, this first RFC delivery will be followed by another one with SPDX assembly and the Licensing profile. Louis Rannou (5): create-spdx-3.0: copy 2.2 class oe/spdx: extend spdx.py objects oe/sbom: change the write_doc to prepare for spdx3 create-spdx-3.0: SPDX3 objects as classes oe/sbom: search into json Marta Rybczynska (1): README.SPDX3: add file Samantha Jalabert (1): create-spdx-3.0: support for recipe spdx creation README.SPDX3 | 42 ++ meta/classes/create-spdx-3.0.bbclass | 878 +++++++++++++++++++++++++++ meta/classes/create-spdx.bbclass | 2 +- meta/lib/oe/sbom.py | 37 +- meta/lib/oe/spdx.py | 30 +- meta/lib/oe/spdx3.py | 385 ++++++++++++ 6 files changed, 1364 insertions(+), 10 deletions(-) create mode 100644 README.SPDX3 create mode 100644 meta/classes/create-spdx-3.0.bbclass create mode 100644 meta/lib/oe/spdx3.py -- 2.42.0
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#189711): https://lists.openembedded.org/g/openembedded-core/message/189711 Mute This Topic: https://lists.openembedded.org/mt/102197338/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
