MariaDB Server, MDEV-34979

generate SBOM from server builds


Details

    Description

      For various compliance purposes we need to generate a Software Bill of Materials for a server build. It's a JSON that follows a specific schema. The main purpose of it is to list dependencies of the built binaries. Dependencies here are used in the sense of vulnerability management, that is, if X contains a security vulnerability, will Y have it? In that sense CONNECT depends on minizip.

      cmake knows what it links targets with, and bundled sources (like gzip or minizip) have their version embedded, which cmake can read with FILE(STRINGS ...), for example.

      It seems that it should be possible to dump this information into a json template, e.g. with CONFIGURE_FILE().
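      As an added example (not MariaDB's own build code), a script-mode CMake file that walks the approach above end to end: read the version a bundled source embeds with file(STRINGS), check that it was actually found, and render it into a JSON template with configure_file(). The header and macro names, the plugin and dependency names, and the JSON layout are assumptions made for the example; the real SBOM schema is whatever the compliance requirement mandates.

```cmake
# Added example (not MariaDB's build code).  Run with: cmake -P sbom_example.cmake
cmake_minimum_required(VERSION 3.12)

set(WORK "${CMAKE_CURRENT_LIST_DIR}/sbom_example")
file(MAKE_DIRECTORY "${WORK}")

# Constructed stand-in for a bundled library header (e.g. minizip's);
# the real header and macro name differ.
file(WRITE "${WORK}/bundled_lib.h" [=[
#ifndef BUNDLED_LIB_H
#define BUNDLED_LIB_VERSION "1.2.3"
#endif
]=])

# Read only the line carrying the version macro, then pull out the quoted value.
# Fail hard if it is missing: an SBOM entry with an empty version silently hides
# the dependency from vulnerability scanners, which is worse than a build error.
file(STRINGS "${WORK}/bundled_lib.h" VERSION_LINE
     REGEX "^#define BUNDLED_LIB_VERSION \"[0-9.]+\"$")
if(NOT VERSION_LINE)
  message(FATAL_ERROR "could not find BUNDLED_LIB_VERSION in bundled_lib.h")
endif()
string(REGEX REPLACE "^#define BUNDLED_LIB_VERSION \"([0-9.]+)\"$" "\\1"
       BUNDLED_LIB_VERSION "${VERSION_LINE}")

# Plugin -> dependency relation in the vulnerability-propagation sense of the
# issue (CONNECT depends on minizip).  Names are hypothetical.
set(PLUGIN_NAME "connect")
set(DEP_NAME "bundled_lib")

# JSON template; @ONLY substitutes @VAR@ only, leaving any ${...} in the JSON alone.
file(WRITE "${WORK}/sbom.json.in" [=[
{
  "components": [
    { "name": "@PLUGIN_NAME@", "type": "library" },
    { "name": "@DEP_NAME@", "version": "@BUNDLED_LIB_VERSION@", "type": "library" }
  ],
  "dependencies": [
    { "ref": "@PLUGIN_NAME@", "dependsOn": ["@DEP_NAME@"] }
  ]
}
]=])
configure_file("${WORK}/sbom.json.in" "${WORK}/sbom.json" @ONLY)

file(READ "${WORK}/sbom.json" SBOM)
message(STATUS "generated ${WORK}/sbom.json:\n${SBOM}")
```

In a real build the same file(STRINGS)/configure_file() pair would run once per bundled library, with the plugin-to-dependency list derived from the link targets cmake already knows.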

            People

              wlad Vladislav Vaintroub
              serg Sergei Golubchik