From: Stefano Tondo <[email protected]>
This series enhances SPDX 3.0 SBOM generation with enriched
metadata and compliance-oriented controls for current master.
Compared with v10, this series has been rebased on top of current
master after Joshua's related changes landed upstream. The merged or
superseded pieces have been dropped, leaving the four still-relevant
patches below.
Changes since v10:
- Rebased onto current master.
- Dropped patches now merged or superseded upstream.
- Restored the current recipe/build SPDX task split after rebase.
- Updated the remaining selftests to use the current builds/ output
paths.
- Revalidated the source-download enrichment tests requested by
Richard Purdie and Mathieu Dubois-Briand.
Validated with:
oe-selftest -r \
spdx.SPDX30Check.test_packageconfig_spdx \
spdx.SPDX30Check.test_download_location_defensive_handling \
spdx.SPDX30Check.test_version_extraction_patterns
Stefano Tondo (4):
spdx30: Add configurable file exclusion pattern support
spdx30: Add supplier support for image and SDK SBOMs
spdx30: Enrich source downloads with version and PURL
oeqa/selftest: Add tests for source download enrichment
meta/classes-recipe/cargo_common.bbclass | 3 +
meta/classes-recipe/cpan.bbclass | 11 +
meta/classes-recipe/go-mod.bbclass | 6 +
meta/classes-recipe/npm.bbclass | 7 +
meta/classes-recipe/pypi.bbclass | 6 +-
meta/classes/create-spdx-3.0.bbclass | 17 ++
meta/classes/spdx-common.bbclass | 7 +
meta/lib/oe/spdx30_tasks.py | 279 +++++++++++++++++------
meta/lib/oeqa/selftest/cases/spdx.py | 104 +++++++--
9 files changed, 345 insertions(+), 95 deletions(-)
--
2.53.0
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#233657):
https://lists.openembedded.org/g/openembedded-core/message/233657
Mute This Topic: https://lists.openembedded.org/mt/118433308/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
