Re: [OE-core][PATCH v10 0/7] SPDX 3.0 SBOM enrichment and compliance improvements
On Fri, 2026-03-20 at 17:49 +0100, [email protected] wrote:
> From: Stefano Tondo
>
> This series enhances SPDX 3.0 SBOM generation with enriched
> metadata, ecosystem-specific Package URLs, and compliance
> improvements.
>
> Changes since v9 (addressing Richard Purdie's review):
>
> 3/7: Use =+ instead of :prepend when extending
> SPDX_PACKAGE_URLS from recipe classes.
>
> Stefano Tondo (7):
>   spdx30: Add configurable file exclusion pattern support
>   spdx30: Add supplier support for image and SDK SBOMs
>   spdx30: Add ecosystem-specific PURL generation via bbclasses
>   spdx30: Enrich source downloads with version and PURL
>   oeqa/selftest: Add tests for source download enrichment
>   cve_check: Escape special characters in CPE 2.3 strings
>   spdx-common: Add documentation for undocumented SPDX variables

Thanks for this. I did notice that a couple of these have merged into
master. We also merged Joshua's patches which these ones depend upon in
order for the tests to pass.

Could you rebase and resend and hopefully we can finish getting these
merged?

Thanks,

Richard

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#233628): https://lists.openembedded.org/g/openembedded-core/message/233628
Mute This Topic: https://lists.openembedded.org/mt/118421216/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][PATCH v10 0/7] SPDX 3.0 SBOM enrichment and compliance improvements
From: Stefano Tondo

This series enhances SPDX 3.0 SBOM generation with enriched
metadata, ecosystem-specific Package URLs, and compliance
improvements.

Changes since v9 (addressing Richard Purdie's review):

3/7: Use =+ instead of :prepend when extending
SPDX_PACKAGE_URLS from recipe classes.

Stefano Tondo (7):
  spdx30: Add configurable file exclusion pattern support
  spdx30: Add supplier support for image and SDK SBOMs
  spdx30: Add ecosystem-specific PURL generation via bbclasses
  spdx30: Enrich source downloads with version and PURL
  oeqa/selftest: Add tests for source download enrichment
  cve_check: Escape special characters in CPE 2.3 strings
  spdx-common: Add documentation for undocumented SPDX variables

 meta/classes-recipe/cargo_common.bbclass | 3 +
 meta/classes-recipe/cpan.bbclass | 11 ++
 meta/classes-recipe/go-mod.bbclass | 3 +
 meta/classes-recipe/npm.bbclass | 7 +
 meta/classes-recipe/pypi.bbclass | 3 +
 meta/classes/create-spdx-3.0.bbclass | 17 +++
 meta/classes/spdx-common.bbclass | 33 +
 meta/lib/oe/cve_check.py | 38 -
 meta/lib/oe/spdx30_tasks.py | 175 +-
 meta/lib/oeqa/selftest/cases/spdx.py | 71 -
 10 files changed, 351 insertions(+), 10 deletions(-)

--
2.53.0
