Generate file information #2

Open
alilleybrinker opened this issue May 25, 2022 · 2 comments
Labels
enhancement New feature or request

Comments

@alilleybrinker
Owner

alilleybrinker commented May 25, 2022

SPDX includes recording of files which are present in a software bundle. For us at minimum this means specification of files in the current crate.

@alilleybrinker alilleybrinker added the enhancement New feature or request label May 25, 2022
@tofay
Contributor

tofay commented Jul 10, 2022

#10 adds file information to binary SBOMs of Rust source files used in the build.
Doesn't handle non-Rust files yet, e.g. files used in build scripts.

For crate SBOMs, I suggest we use `cargo package --list` to get a list of the packages in the crate, and add them to the SBOM.

@tofay
Contributor

tofay commented Jul 10, 2022

I've verified that the `cargo package --list` approach works fine at: tofay@992cd85#diff-42cb6807ad74b3e201c5a7ca98b911c5fa08380e942be6e4ac5807f8377f87fcR62-R82, and successfully used it on some projects that have multiple workspace members.

That builds on #9 so I'll wait til that's resolved before sending more PRs!
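
An added example of the `cargo package --list` approach discussed in the comments above (not code from this thread or from the project): it maps the listing to SPDX tag-value File sections with SHA-1 and SHA-256 checksums, and skips listed paths that are not regular files under the crate root. The function names, the `SPDXRef-File-N` identifiers, and the sample crate and listing are assumptions constructed for illustration.

```python
import hashlib
import subprocess
import tempfile
from pathlib import Path


def cargo_package_list(crate_dir):
    """Return the raw output of `cargo package --list` for the crate at crate_dir."""
    return subprocess.run(["cargo", "package", "--list"], cwd=crate_dir,
                          capture_output=True, text=True, check=True).stdout


def spdx_file_entries(listing, crate_dir):
    """Map a `cargo package --list` listing to SPDX tag-value File sections.

    Returns (entries, skipped). Listed paths that are not regular files under
    crate_dir are skipped, not hashed: cargo lists files it generates while
    packaging (e.g. Cargo.toml.orig, .cargo_vcs_info.json), and nothing outside
    the crate root should end up in the SBOM.
    """
    root = Path(crate_dir).resolve()
    entries, skipped = [], []
    for rel in filter(None, map(str.strip, listing.splitlines())):
        path = (root / rel).resolve()  # follows symlinks and ".." components
        if root not in path.parents or not path.is_file():
            skipped.append(rel)
            continue
        data = path.read_bytes()
        entries.append(
            f"FileName: ./{rel}\n"
            f"SPDXID: SPDXRef-File-{len(entries)}\n"  # hypothetical ID scheme
            f"FileChecksum: SHA1: {hashlib.sha1(data).hexdigest()}\n"
            f"FileChecksum: SHA256: {hashlib.sha256(data).hexdigest()}\n"
        )
    return entries, skipped


def demo():
    """Run against a constructed crate layout and a constructed listing."""
    with tempfile.TemporaryDirectory() as crate:
        (Path(crate) / "src").mkdir()
        (Path(crate) / "Cargo.toml").write_text('[package]\nname = "demo"\n')
        (Path(crate) / "src" / "main.rs").write_text("fn main() {}\n")
        listing = ".cargo_vcs_info.json\nCargo.toml\nCargo.toml.orig\nsrc/main.rs\n"
        return spdx_file_entries(listing, crate)


if __name__ == "__main__":
    entries, skipped = demo()
    print("\n".join(entries))
    print("skipped (not on disk):", skipped)
```

On a real crate, pass `cargo_package_list(crate_dir)` as the `listing` argument and review the `skipped` list before publishing the SBOM.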
