Details
- Task
- Status: Closed
- Critical
- Resolution: Fixed
Description
For various compliance purposes we need to generate a Software Bill of Materials for a server build. It's a JSON that follows a specific schema. The main purpose of it is to list dependencies of the built binaries. Dependencies here are used in the sense of vulnerability management, that is, if X contains a security vulnerability, will Y have it? In that sense CONNECT depends on minizip.
CMake knows what it links targets with, and bundled sources (like gzip or minizip) have the version embedded, which CMake can read with FILE(STRINGS ...), for example.
It seems that it should be possible to dump this information into a JSON template, e.g. with CONFIGURE_FILE().
Issue Links
- relates to: MDEV-34287 Debian - dep 5 compatible debian/copyright (Open)
- blocks: PT-199
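The approach outlined in the description, as an added example that is not part of the ticket or of the project's build code: a script-mode CMake file that reads an embedded version with `file(STRINGS)` and fills a JSON template with `configure_file()`. The header, its `SAMPLE_MINIZIP_VERSION` macro, the template field names and the `sbom_demo` directory are constructed assumptions, not a real SBOM schema; collecting link dependencies from targets is left out.

```cmake
# Added example. Run with: cmake -P sbom_example.cmake
cmake_minimum_required(VERSION 3.19)  # string(JSON) needs 3.19

set(work "${CMAKE_CURRENT_LIST_DIR}/sbom_demo")

# Constructed stand-in for a bundled source file that embeds its version.
file(WRITE "${work}/bundled/minizip_sample.h"
  "/* constructed sample */\n#define SAMPLE_MINIZIP_VERSION \"1.2.3-sample\"\n")

# Constructed template; field names are illustrative, not a real schema.
file(WRITE "${work}/sbom.json.in" [=[
{
  "component": "@SBOM_COMPONENT@",
  "dependencies": [
    { "name": "@DEP_NAME@", "version": "@DEP_VERSION@", "bundled": true }
  ]
}
]=])

# Step 1: pull the version line out of the bundled source.
file(STRINGS "${work}/bundled/minizip_sample.h" version_line
     REGEX "^#define[ \t]+SAMPLE_MINIZIP_VERSION[ \t]+\"[^\"]+\""
     LIMIT_COUNT 1)
if(NOT version_line MATCHES "\"([^\"]+)\"")
  # A blank version would make the component unmatchable in vulnerability scans.
  message(FATAL_ERROR "no version found in bundled header")
endif()
set(DEP_VERSION "${CMAKE_MATCH_1}")

# Step 2: reject characters that would need JSON escaping, since
# configure_file() substitutes the value verbatim.
if(NOT DEP_VERSION MATCHES "^[A-Za-z0-9._+-]+$")
  message(FATAL_ERROR "unexpected characters in version: ${DEP_VERSION}")
endif()

# Step 3: fill the template. CONNECT depending on minizip is the ticket's example.
set(SBOM_COMPONENT "connect")
set(DEP_NAME "minizip")
configure_file("${work}/sbom.json.in" "${work}/sbom.json" @ONLY)

# Step 4: parse the result back so a malformed SBOM fails the build.
file(READ "${work}/sbom.json" sbom)
string(JSON got ERROR_VARIABLE err GET "${sbom}" dependencies 0 version)
if(err OR NOT got STREQUAL DEP_VERSION)
  message(FATAL_ERROR "generated SBOM is invalid: ${err}")
endif()
message(STATUS "SBOM written: ${DEP_NAME} ${got}")
```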