On 9/13/23 18:05, Simon Falsig wrote:
> From: Simon Falsig
>
> If a package specifies a CPE, this is extracted into the fast report for
> that package. If no CPE is specified, then no value is added.
>
> The CPE (Common Platform Enumerator) allows matching CVEs to specific
> packages, and see
From: Simon Falsig
This provides support for building SBOMs in CycloneDX format.
A target is added alongside the other reports, that (based on the
fast-bsp-report) extracts name, version, cpe and license of each target
package, and puts these into a final sbom-report in CycloneDX/JSON
format.
From: Simon Falsig
Just to see how this could look for a handful of packages. Note that all
of these have a different way of specifying the vendor ID (one is
$PACKAGE_project, one is just $PACKAGE, one is something completely
different).
---
rules/acl.make| 1 +
rules/busybox.make
From: Simon Falsig
If a package specifies a CPE, this is extracted into the fast report for
that package. If no CPE is specified, then no value is added.
The CPE (Common Platform Enumerator) allows matching CVEs to specific
packages, and see if these apply to a specific deployment.
---
Hi Gavin, Michael,
> From: Gavin Schenk
> Sent: Monday, September 11, 2023 15:11
> Hi,
>
> > On Thu, Sep 07, 2023 at 03:03:47PM +, Simon Falsig wrote:
> >> I saw a post from 2021 to the mailing list on generating SBOMs from ptxdist.
> >> Has there been any further work on this?
> >
> >
Hi Michael,
> From: Michael Olbrich
> Sent: Friday, September 8, 2023 20:39
>
> Hi,
>
> On Fri, Sep 08, 2023 at 09:05:26AM +, Simon Falsig wrote:
> > Thanks for your reply! I've never used Buildroot, so really good with
> > some hints as to how others solve this.
> >
> > >>My