Uploaded image for project: 'MariaDB MaxScale'
  1. MariaDB MaxScale
  2. MXS-5743

Add License and Copyright Fields to SBOM Dependencies

    XMLWordPrintable

Details

    • Task
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Fixed
    • None
    • 25.01.4
    • Packaging
    • None

    Description

      We added two additional fields to the Enterprise SBOM and would like to ensure that these fields are also included in the MaxScale SBOM for consistency as this customer uses both Enterprise and MaxScale.

      We added 2 additional fields for each dependency/package for Enterprise:

      • License/license text: license of the 3rd party component
      • Copyright statement: copyright information of the 3rd party component

      We have created a Wiki page that provides information on these fields, and how they can be added to an SBOM document. This page also contains a full example.

      The relevant fields are:

      • Package level: license > licenseConcluded
      • Package level: copyright statement > copyrightText

      Please note that NOASSERTION is also a possible value for these fields.

      Enterprise Ticket Reference: https://mariadbcorp.atlassian.net/browse/PT-438

      Attachments

        Issue Links

          relates to

          Task - A task that needs to be done. MDEV-36398 Extend SBOM with 'license' and 'copyright'

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Activity

            People

              markus makela markus makela
              mdeweerd Michael Deweerd
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.