We're using Kirkstone and wanted to take advantage of the SPDX support to use for dependency checking. The two apps we have access to are:

1. GitHub Dependabot (https://docs.github.com/en/code-security/getting-started/dependabot-quickstart-guide)
2. Mend (https://www.mend.io/)

We generate the SPDX in a GitHub Action then tried uploading it using:

* https://github.com/marketplace/actions/spdx-dependency-submission-action
* https://pypi.org/project/mend-import-sbom/

but so far we haven't been able to get it to work. Has anyone else tried this?

Thanks,
Tom Isaacson