| Message ID | 20260320164951.128572-1-stondo@gmail.com |
|---|---|
| Series | SPDX 3.0 SBOM enrichment and compliance improvements |

On Fri, 2026-03-20 at 17:49 +0100, stondo@gmail.com wrote:
> From: Stefano Tondo <stefano.tondo.ext@siemens.com>
>
> This series enhances SPDX 3.0 SBOM generation with enriched
> metadata, ecosystem-specific Package URLs, and compliance
> improvements.
>
> Changes since v9 (addressing Richard Purdie's review):
>
> 3/7: Use =+ instead of :prepend when extending
> SPDX_PACKAGE_URLS from recipe classes.
>
> Stefano Tondo (7):
> spdx30: Add configurable file exclusion pattern support
> spdx30: Add supplier support for image and SDK SBOMs
> spdx30: Add ecosystem-specific PURL generation via bbclasses
> spdx30: Enrich source downloads with version and PURL
> oeqa/selftest: Add tests for source download enrichment
> cve_check: Escape special characters in CPE 2.3 strings
> spdx-common: Add documentation for undocumented SPDX variables

Thanks for this. I did notice that a couple of these have merged into
master. We also merged Joshua's patches which these ones depend upon in
order for the tests to pass.

Could you rebase and resend and hopefully we can finish getting these
merged?

Thanks,

Richard

From: Stefano Tondo <stefano.tondo.ext@siemens.com>

This series enhances SPDX 3.0 SBOM generation with enriched
metadata, ecosystem-specific Package URLs, and compliance
improvements.

Changes since v9 (addressing Richard Purdie's review):

3/7: Use =+ instead of :prepend when extending
SPDX_PACKAGE_URLS from recipe classes.

Stefano Tondo (7):
  spdx30: Add configurable file exclusion pattern support
  spdx30: Add supplier support for image and SDK SBOMs
  spdx30: Add ecosystem-specific PURL generation via bbclasses
  spdx30: Enrich source downloads with version and PURL
  oeqa/selftest: Add tests for source download enrichment
  cve_check: Escape special characters in CPE 2.3 strings
  spdx-common: Add documentation for undocumented SPDX variables

 meta/classes-recipe/cargo_common.bbclass |   3 +
 meta/classes-recipe/cpan.bbclass         |  11 ++
 meta/classes-recipe/go-mod.bbclass       |   3 +
 meta/classes-recipe/npm.bbclass          |   7 +
 meta/classes-recipe/pypi.bbclass         |   3 +
 meta/classes/create-spdx-3.0.bbclass     |  17 +++
 meta/classes/spdx-common.bbclass         |  33 +++++
 meta/lib/oe/cve_check.py                 |  38 ++++-
 meta/lib/oe/spdx30_tasks.py              | 175 +++++++++++++++++++++--
 meta/lib/oeqa/selftest/cases/spdx.py     |  71 ++++++++-
 10 files changed, 351 insertions(+), 10 deletions(-)