Hi, I'm brand new to the group, apologies if this is not the right spot. I've been working a lot with SBOMs for embedded devices lately and been playing around with the recipes for spdx and cve with limited success. The SPDX on even a minimal image creates 500ish SPDX files and then it has to be with the CPE data. I've had some good success with CycloneDX. Anyone else running in to this?
https://docs.yoctoproject.org/dev/dev-manual/vulnerabilities.html and https://docs.yoctoproject.org/dev/dev-manual/sbom.html
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#199819): https://lists.openembedded.org/g/openembedded-core/message/199819 Mute This Topic: https://lists.openembedded.org/mt/106269642/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
