
6.5: Backport SBOM generation

Andreas Gnau requested to merge agnau-6.5-sbom into release-6.5

https://project.iopsys.eu/issues/13652

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
commit 240643a58c02deed4aeba67018c1fa1d9d2febe1 ┃
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┻━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Author: Andreas Gnau <andreas.gnau@iopsys.eu>
Date:   Fri May 24 13:45:55 2024 +0200

    Update feed [ iopsys ]

    -------------------------------------------------------------------------------
    * 4451763cee86 iop: config: Generate Cyclone DX SBOM by default
    -------------------------------------------------------------------------------
    commit 4451763cee86dca54dadeef0259a3b0fcbf21bb6
    Author: Andreas Gnau <andreas.gnau@iopsys.eu>
    Date: 2023-11-29 17:53:22 +0100

        iop: config: Generate Cyclone DX SBOM by default

        Generate Cyclone DX Software bill of materials (SBOM) by default. This will
        enable easier license and CVE checking.

        https://cyclonedx.org/

        Signed-off-by: Andreas Gnau <andreas.gnau@iopsys.eu>
        (cherry picked from commit 724c06037261b03b9ec5145d6773a72e31fd6de4)

    Base directory -> feeds/iopsys/
     iop/config | 2 ++
     1 file changed, 2 insertions(+)
    -------------------------------------------------------------------------------
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
commit fd944d60c9b6243edcd8abab97b9690ec3dd0d78 ┃
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┻━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Author: Cedric DOURLENT <cedric.dourlent@softathome.com>
Date:   Fri Mar 1 16:42:34 2024 +0100

    build: fix kernel component in CycloneDX SBOM

    As stated in the CycloneDX documentation, the field "type" is mandatory for>

    More details here (https://cyclonedx.org/docs/1.5/json/#components_items_ty>

    Signed-off-by: Cedric DOURLENT <cedric.dourlent@softathome.com>
    (cherry picked from commit 84331215e57090a9cdae4af75af2539c39cd7de7)
    (cherry picked from commit 340e3dc4537522f44f3b8247d90b132e8e293948)
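
The check behind the commit above, as an added example that is not part of this merge request or the OpenWrt build scripts: it walks a CycloneDX 1.5 JSON BOM and reports components that lack the mandatory "type" field or carry a value outside the spec's component-type enum. The sample BOM is constructed for illustration; the untyped kernel entry mirrors the defect the commit describes.

```python
import json

# Allowed values of components[].type in CycloneDX 1.5
# (https://cyclonedx.org/docs/1.5/json/#components_items_type).
CDX_COMPONENT_TYPES = {
    "application", "framework", "library", "container", "platform",
    "operating-system", "device", "device-driver", "firmware", "file",
    "machine-learning-model", "data",
}


def find_component_problems(bom: dict) -> list[str]:
    """Return one message per component whose "type" is missing or not
    in the 1.5 enum. An empty list means every component is well-typed."""
    problems = []
    for i, comp in enumerate(bom.get("components", [])):
        label = comp.get("name", f"component[{i}]")
        ctype = comp.get("type")
        if ctype is None:
            problems.append(f"{label}: missing mandatory 'type'")
        elif ctype not in CDX_COMPONENT_TYPES:
            problems.append(f"{label}: unknown type {ctype!r}")
    return problems


def check_bom_text(text: str) -> list[str]:
    """Parse a JSON BOM and validate format, spec version and components."""
    bom = json.loads(text)
    problems = []
    if bom.get("bomFormat") != "CycloneDX":
        problems.append("bomFormat is not 'CycloneDX'")
    if "specVersion" not in bom:
        problems.append("specVersion is missing")
    return problems + find_component_problems(bom)


# Constructed sample (not taken from the page): the kernel entry has no "type",
# which is the shape of the bug the commit fixes.
SAMPLE_BOM_TEXT = """{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "components": [
    {"type": "library", "name": "busybox", "version": "1.36.1"},
    {"name": "kernel", "version": "5.15.0"}
  ]
}"""

if __name__ == "__main__":
    for line in check_bom_text(SAMPLE_BOM_TEXT):
        print(line)
```

Run it against a generated `*.bom.cdx.json` to catch untyped components before the SBOM is handed to a license or CVE scanner that rejects or silently drops them.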

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
commit 81705eb2f806edd11d65ab1b00992f665d5bc7e8 ┃
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┻━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Author: Petr Štetiar <ynezz@true.cz>
Date:   Tue Oct 24 08:27:13 2023 +0000

    build: add CycloneDX SBOM JSON support

    CycloneDX is an open source standard developed by the OWASP foundation.
    It supports a wide range of development ecosystems, a comprehensive set
    of use cases, and focuses on automation, ease of adoption, and
    progressive enhancement of SBOMs (Software Bill Of Materials) throughout
    build pipelines.

    So let's add support for CycloneDX SBOM for packages and images
    manifests.

    Signed-off-by: Petr Štetiar <ynezz@true.cz>
    (cherry picked from commit d604a07225c5c82b942cd3374cc113ad676a2519)
    (cherry picked from commit 21e5db97c410f4008c8fe8515fb79a7cde368dbf)

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
commit e071c44f0d0421eedd913ece82c3e4cd021f92e4 ┃
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┻━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Author: Petr Štetiar <ynezz@true.cz>
Date:   Wed Oct 19 15:46:45 2022 +0200

    package-metadata: add CPE information to JSON package manifests

    Common Platform Enumeration (CPE) is a structured naming scheme for
    information technology systems, software, and packages.

    In order for the information to be processed further, it should also be
    available in JSON package manifests.

    Signed-off-by: Petr Štetiar <ynezz@true.cz>
    (cherry picked from commit 8562c65ff8aae3899cdb190319709500b7651492)
    (cherry picked from commit fdeb7d6dd050a56ede48e29f9ebfb5fe351328a5)

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
commit dfbcd2bd5d5d52e8d3c923feab9545ac7f68234d ┃
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┻━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Author: Paul Spooren <mail@aparcar.org>
Date:   Fri Sep 17 12:00:40 2021 -1000

    scripts: package-metadata add pkgmanifestjson call

    The new `pkgmanifestjson` call prints all package manifests of a feed in
    JSON format. This function can be used to print an overview of package
    information used for downstream tooling.

    The script is entirely based on Petr's work on dependency visualisation.

    Signed-off-by: Paul Spooren <mail@aparcar.org>
    (cherry picked from commit 3128dfc18a5eaff145d17b8a3fe1131d10922384)