[Buildroot] [PATCH v2 0/7] Add additional CycloneDX SBOM controls
Martin Willi
martin at strongswan.org
Thu Mar 5 11:54:06 UTC 2026

Adds command line options to control patch diffs, reference Upstream: URLs
and filter package types from output. Introduce unit-tests for existing and
new generate-cyclonedx functionality.

Changes v1 -> v2:
 - Add a new fix removing indirect dependencies from root component
 - Filter --no-skeleton/host packages and deps early from show-info output
 - Drop --no-vuln patch and let external tooling do it for now. CSAF VEX
   generation may be added in a future series.
 - Keep patch type "unofficial", regardless of any Upstream: URL
 - Introduce unit-test first, then extend it for each added feature

Martin Willi (7):
  support/testing/utils: add basic tests for utils/generate-cyclonedx
  utils/generate-cyclonedx: remove indirect dependencies from root
    component
  utils/generate-cyclonedx: add option to control patch diff inclusion
    in SBOM
  utils/generate-cyclonedx: allow referencing patches by upstream URL
  utils/generate-cyclonedx: allow filtering skeleton packages from SBOM
  utils/generate-cyclonedx: allow filtering host packages from SBOM
  utils/generate-cyclonedx: omit BR_TYPE property if --no-host given

 .../tests/utils/test_generate_cyclonedx.py    | 204 ++++++++++++++++++
 .../cve_upstream.patch                        |  11 +
 .../test_generate_cyclonedx/no_upstream.patch |  10 +
 utils/generate-cyclonedx                      | 164 +++++++++++---
 4 files changed, 354 insertions(+), 35 deletions(-)
 create mode 100644 support/testing/tests/utils/test_generate_cyclonedx.py
 create mode 100644 support/testing/tests/utils/test_generate_cyclonedx/cve_upstream.patch
 create mode 100644 support/testing/tests/utils/test_generate_cyclonedx/no_upstream.patch

--
2.43.0