Google Git
Sign in
pigweed / third_party / github / zephyrproject-rtos / zephyr / 0d05318c96ee38493e6a0411be639ebf04fe2e58
commit0d05318c96ee38493e6a0411be639ebf04fe2e58[log] [tgz]
authorThomas Gagneret <thomas.gagneret@hexploy.com>Thu Jan 18 17:31:46 2024 +0100
committerAnas Nashif <anas.nashif@intel.com>Fri Jun 14 19:07:48 2024 -0400
treeda666be0f1d08e03dc359ea8dbaa76dcb3ebb6c5
parenteaa903d8526f680bbe3eed4eee636b8280582cbd [diff]
scripts: zephyr_module: Add URL, version to SPDX

Improve the SPDX with the current values:
 - URL: extracted from `git remote`. If more than one remote, URL is not
 set.
 - Version: extracted from `git rev-parse` (commit id).
 - PURL and CPE for Zephyr: generated from URL and version.

For zephyr, the tag is extracted, if present, and replace the commit id for
the version field.
Since official modules does not have tags, tags are not yet extracted for
modules.

To track vulnerabilities from modules dependencies, a new SBOM,
`modules-deps.spdx` was created. It contains the `external-references`
provided by the modules. It allows to easily track vulnerabilities from
these external dependencies.

Signed-off-by: Thomas Gagneret <thomas.gagneret@hexploy.com>
8 files changed
tree: da666be0f1d08e03dc359ea8dbaa76dcb3ebb6c5
  1. .github/
  2. arch/
  3. boards/
  4. cmake/
  5. doc/
  6. drivers/
  7. dts/
  8. include/
  9. kernel/
  10. lib/
  11. misc/
  12. modules/
  13. samples/
  14. scripts/
  15. share/
  16. snippets/
  17. soc/
  18. submanifests/
  19. subsys/
  20. tests/
  21. .checkpatch.conf
  22. .clang-format
  23. .codecov.yml
  24. .editorconfig
  25. .gitattributes
  26. .gitignore
  27. .gitlint
  28. .mailmap
  29. .yamllint
  30. CMakeLists.txt
  31. CODE_OF_CONDUCT.md
  32. CODEOWNERS
  33. CONTRIBUTING.rst
  34. Kconfig
  35. Kconfig.zephyr
  36. LICENSE
  37. MAINTAINERS.yml
  38. README.rst
  39. SDK_VERSION
  40. VERSION
  41. version.h.in
  42. west.yml
  43. zephyr-env.cmd
  44. zephyr-env.sh