Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-36398

Extend SBOM with 'license' and 'copyright'

Details

    • Task
    • Status: Open (View Workflow)
    • Major
    • Resolution: Unresolved
    • 11.8
    • None
    • None

    Description

      A customer is asking to extend SBOMs beyond their original goal of NTIA and executive order compliance. Apparently, own product and dependencies need to be have license and copyright statement.

      copyright statement can be deduced automatically, so there must be some file that we can hardcode this information in.

      License (as SPDX-id) can in theory be deduced by github APIs

      Attachments

        Issue Links

          relates to

          PT-438 Failed to load

          Activity

            serg Sergei Golubchik added a comment -

            there were discussions about machine-parseable license file that distros at some point wanted.
            if we'll have that we can machine-parse it from cmake for SBOM

            serg Sergei Golubchik added a comment - there were discussions about machine-parseable license file that distros at some point wanted. if we'll have that we can machine-parse it from cmake for SBOM

            People

              wlad Vladislav Vaintroub
              wlad Vladislav Vaintroub
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.