This series enhances SPDX 3.0 SBOM generation with enriched
metadata and compliance-oriented controls for current master.

Compared with v11, this reroll fixes the follow-up issues reported in
review while keeping the series content otherwise unchanged.

Changes since v11:

  - Fixed the rebased collect_build_package_inputs() provider lookup to
    pass direct_deps to collect_package_providers().
  - Converted the new cpan.bbclass Python helper to 4-space indentation
    to avoid parser warnings.

Validated with:

  oe-selftest -r \
    spdx.SPDX30Check.test_packageconfig_spdx \
    spdx.SPDX30Check.test_download_location_defensive_handling \
    spdx.SPDX30Check.test_version_extraction_patterns

Stefano Tondo (4):
  spdx30: Add configurable file exclusion pattern support
  spdx30: Add supplier support for image and SDK SBOMs
  spdx30: Enrich source downloads with version and PURL
  oeqa/selftest: Add tests for source download enrichment

 meta/classes-recipe/cargo_common.bbclass |   3 +
 meta/classes-recipe/cpan.bbclass         |  11 +
 meta/classes-recipe/go-mod.bbclass       |   6 +
 meta/classes-recipe/npm.bbclass          |   7 +
 meta/classes-recipe/pypi.bbclass         |   6 +-
 meta/classes/create-spdx-3.0.bbclass     |  17 ++
 meta/classes/spdx-common.bbclass         |   7 +
 meta/lib/oe/spdx30_tasks.py              | 278 +++++++++++++++++------
 meta/lib/oeqa/selftest/cases/spdx.py     | 104 +++++++--
 9 files changed, 345 insertions(+), 94 deletions(-)

-- 
2.53.0

View/Reply Online (#233713): 
https://lists.openembedded.org/g/openembedded-core/message/233713