[Buildroot] [PATCH v3 0/5] Extend CycloneDX metadata
Martin Willi
martin at strongswan.org
Wed Mar 25 13:33:38 UTC 2026
Adds SBOM component externalReferences with source-distribution URLs and
hashes, basic unit-tests and a minor fix root component dependencies.
Changes v2 -> v3:
- Add tests and indirect dependency fix from [1], make series standalone
- Drop build-phase/timestamp patches
- Drop manufacturer URL patches for now
- Include hash files in show-info output
[1] https://lists.buildroot.org/pipermail/buildroot/2026-March/798111.html
Martin Willi (5):
support/testing/utils: add basic tests for utils/generate-cyclonedx
utils/generate-cyclonedx: remove indirect dependencies from root
component
utils/generate-cyclonedx: generate externalReferences with
source-distribution
package/pkg-utils: add 'hashes' to show-info
utils/generate-cyclonedx: add hashes from .hash files to
externalReferences
package/pkg-utils.mk | 7 +
.../tests/utils/test_generate_cyclonedx.py | 208 ++++++++++++++++++
.../cve_upstream.patch | 11 +
utils/generate-cyclonedx | 92 +++++++-
4 files changed, 317 insertions(+), 1 deletion(-)
create mode 100644 support/testing/tests/utils/test_generate_cyclonedx.py
create mode 100644 support/testing/tests/utils/test_generate_cyclonedx/cve_upstream.patch
--
2.43.0
More information about the buildroot
mailing list