Team,
Thanks again for continuing to improve Yocto/OE.
I have a question about the capabilities of the create-spdx.bbclass. I
understand it will can an sBOM entry for each recipe.
Can create-spdx.bbclass handle multiple components per recipe? For
example, my bitbake recipe produces a web application which packages
many HTML components. I would like to have the recipe included in the
SBOM together with the components which are packaged into the web
application files. Is there a way to do that?
Specifically, the OpenBMC web application uses various NPM compoents to
provide it functionality in the end-user's browser.
Recipe:
https://github.com/openbmc/openbmc/blob/master/meta-phosphor/recipes-phosphor/webui/webui-vue_git.bb
Project source: https://github.com/openbmc/webui-vue/
NPM packages are specified here:
https://github.com/openbmc/webui-vue/blob/master/package-lock.json
Package-lock docs:
https://docs.npmjs.com/cli/v9/configuring-npm/package-lock-json
I want my SBOM to include the webui-vue application together with each
of the NPM packages it uses.
How can I do that?
Sincerely,
Joseph Reynolds
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#177174):
https://lists.openembedded.org/g/openembedded-core/message/177174
Mute This Topic: https://lists.openembedded.org/mt/96969479/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
