diff mbox series

[1/2] spdx30_tasks: Add summary field with fallback chain

Message ID 20251218120139.104155-2-stondo@gmail.com
State New
Headers show
Series spdx30: Add summary field and concluded license support | expand

Commit Message

Stefano Tondo Dec. 18, 2025, 12:01 p.m. UTC 
From: Stefano Tondo <stefano.tondo.ext@siemens.com>

Add automatic population of summary field with intelligent fallback
chain to improve SBOM human-readability and documentation completeness.

The summary field provides a brief description of each package in the
SBOM, making it easier for humans to understand the purpose of components
without reading full descriptions. The implementation uses a fallback
chain to ensure every package has a meaningful summary:

  SUMMARY:${package} → SUMMARY → DESCRIPTION → generated description

This improvement addresses SBOM documentation quality requirements and
makes SBOMs more useful for security review and compliance documentation.

Signed-off-by: Stefano Tondo <stefano.tondo.ext@siemens.com>
---
 meta/lib/oe/spdx30_tasks.py | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)
diff mbox series

Patch

diff --git a/meta/lib/oe/spdx30_tasks.py b/meta/lib/oe/spdx30_tasks.py
index f731a709e3..286a08ed9b 100644
--- a/meta/lib/oe/spdx30_tasks.py
+++ b/meta/lib/oe/spdx30_tasks.py
@@ -636,7 +636,22 @@  def create_spdx(d):
             set_var_field(
                 "HOMEPAGE", spdx_package, "software_homePage", package=package
             )
-            set_var_field("SUMMARY", spdx_package, "summary", package=package)
+            
+            # Add summary with fallback to DESCRIPTION
+            summary = None
+            if package:
+                summary = d.getVar("SUMMARY:%s" % package)
+            if not summary:
+                summary = d.getVar("SUMMARY")
+            if not summary:
+                # Fallback to DESCRIPTION if SUMMARY not available
+                summary = d.getVar("DESCRIPTION")
+            if not summary:
+                # Last resort: generate from package name
+                summary = f"Package {package or d.getVar('PN')}"
+            if summary:
+                spdx_package.summary = summary
+            
             set_var_field("DESCRIPTION", spdx_package, "description", package=package)
 
             if d.getVar("SPDX_PACKAGE_URL:%s" % package) or d.getVar("SPDX_PACKAGE_URL"):