[Buildroot] [PATCH 0/7] Add PURL support
Thomas Perale
thomas.perale at mind.be
Tue Apr 15 19:55:33 UTC 2025
This patch series adds support for the PURL.
https://github.com/package-url/purl-spec

PURLs are software identifiers similar to CPE.
More information on PURL can be found in the first patch of the series.

After testing the usage of PURL with DependencyTrack and
https://ossindex.sonatype.org I can see that it improves the tracking
of CVEs and version bumps. Since it's easy to automate the PURL
generation in buildroot I wrote this patch that I use to add PURL to
CycloneDX SBOM.

The series includes support for PURL for these 'ecosystems':

- pypi
- cargo
- cpan
- golang

The tracking of CPAN packages is not supported by OSSIndex but these
changes were proposed by François Perrad in the following series:
https://lore.kernel.org/buildroot/20240407144250.7558-1-francois.perrad@gadz.org/

Thomas Perale (7):
  package/pkg-generic.mk: add PURL package variable
  package/pkg-download: add 'owner' macro
  package/pkg-golang: support PURL generation
  package/pkg-cargo: support PURL generation
  package/pkg-perl: support PURL generation
  package/pkg-python: support PURL generation
  package/pkg-utils: add PURL to show-info output

 package/pkg-cargo.mk     |  8 ++++++
 package/pkg-download.mk  |  3 +++
 package/pkg-generic.mk   | 53 ++++++++++++++++++++++++++++++++++++++++
 package/pkg-golang.mk    | 16 ++++++++++++
 package/pkg-perl.mk      | 24 ++++++++++++++++++
 package/pkg-python.mk    | 16 ++++++++++++
 package/pkg-utils.mk     |  3 +++
 utils/generate-cyclonedx |  3 +++
 8 files changed, 126 insertions(+)
--
2.49.0