From: Stefano Tondo <[email protected]>

This series enhances SPDX 3.0 SBOM generation with enriched
metadata and compliance-oriented controls for current master.

Changes since v13:

- Fixed patch 4/4: reverted incorrect modifications to existing SPDX
  selftests that broke test_custom_annotation_vars,
  test_gcc_include_source, and test_kernel_config_spdx on the
  autobuilder (wrong SPDX output paths and task names).
  Patch 4 now only appends two new test methods without touching any
  existing upstream tests.
- Patches 1-3 are unchanged from v13.

Validated with:

  oe-selftest -r \
    spdx.SPDX30Check.test_download_location_defensive_handling \
    spdx.SPDX30Check.test_version_extraction_patterns

Stefano Tondo (4):
  spdx30: Add configurable file exclusion pattern support
  spdx30: Add supplier support for image and SDK SBOMs
  spdx30: Enrich source downloads with version and PURL
  oeqa/selftest: Add tests for source download enrichment

 meta/classes-recipe/cargo_common.bbclass |   3 +
 meta/classes-recipe/cpan.bbclass         |  11 +
 meta/classes-recipe/go-mod.bbclass       |   6 +
 meta/classes-recipe/npm.bbclass          |   7 +
 meta/classes-recipe/pypi.bbclass         |   6 +-
 meta/classes/create-spdx-3.0.bbclass     |  17 ++
 meta/classes/spdx-common.bbclass         |   7 +
 meta/lib/oe/spdx30_tasks.py              | 278 +++++++++++++++++------
 meta/lib/oeqa/selftest/cases/spdx.py     |  76 +++++++
 9 files changed, 338 insertions(+), 73 deletions(-)
--
2.53.0