Skip to content

Enable spdx SBoM creation and cve report by default#21

Open
t-mon wants to merge 1 commit into
kirkstonefrom
add-sbom-creation
Open

Enable spdx SBoM creation and cve report by default#21
t-mon wants to merge 1 commit into
kirkstonefrom
add-sbom-creation

Conversation

@t-mon

@t-mon t-mon commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

The enables chargebyte yocto bsp to create the json spdx format based Software Bill of Material in order to be complaint with the CRA.

The resulting <image-name>.spdx.tar.zst and <image-name>.rootfs.cve can be released together with each release.

@t-mon t-mon requested review from barsnick and mhei July 6, 2026 07:51
Comment thread conf/local.conf Outdated
…stem.

Signed-off-by: Simon Stürz <simon.stuerz@chargebyte.com>
@t-mon t-mon force-pushed the add-sbom-creation branch from 5065b46 to f8c15a6 Compare July 7, 2026 09:36
@t-mon t-mon requested a review from mhei July 7, 2026 09:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants