CycloneDX / cdxgen

Creates CycloneDX Bill of Materials (BOM) for your projects from source and container images. Supports many languages and package managers. Integrate in your CI/CD pipeline with automatic submission to Dependency Track server. Google chat: https://chat.google.com/room/AAAA6l2dO60?cls=7
https://cyclonedx.github.io/cdxgen/
Apache License 2.0

Support for buildroot .mk files #543

Open prabhu opened 1 year ago

prabhu commented 1 year ago

buildroot/package directory has one directory per package.

Each package directory has a .mk file.

https://github.com/teslamotors/buildroot/blob/buildroot-2019.02/package/bison/bison.mk

The directory name is the package's name, and the *_VERSION in the .mk file is the version.

Map _SOURCE to pkg.distribution = {url: url}. index.js to be enhanced to set the externalReference based on pkg.distribution.url

https://github.com/CycloneDX/cdxgen/blob/master/index.js#L600

Map _LICENSE to pkg.license
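The mapping proposed in the comment above, as an added example that is not part of the original issue or cdxgen's own code. The function name `parseBuildrootMk`, the sample file, and the use of `_SITE` as the download base URL are assumptions made for illustration.

```javascript
// Hypothetical helper (not cdxgen code): read one Buildroot package .mk
// file as text and map it to a package object, without invoking make.
function parseBuildrootMk(dirName, mkText) {
  // Buildroot convention: the variable prefix is the upper-cased
  // directory name with "-" replaced by "_" (foo-bar -> FOO_BAR).
  const prefix = dirName.toUpperCase().replace(/-/g, "_");
  const vars = Object.create(null); // no inherited keys to collide with
  // Join backslash continuations, then collect simple assignments.
  for (const line of mkText.replace(/\\\r?\n/g, " ").split(/\r?\n/)) {
    const m = /^\s*([A-Za-z0-9_]+)\s*[:?]?=\s*(.*?)\s*$/.exec(line);
    if (m) vars[m[1]] = m[2];
  }
  // Expand $(VAR) only for variables defined in this file; references to
  // the wider Buildroot config stay as written instead of being guessed.
  const expand = (value, depth = 0) =>
    depth > 10
      ? value // stop on self-referencing definitions
      : value.replace(/\$\(([A-Za-z0-9_]+)\)/g, (ref, name) =>
          name in vars ? expand(vars[name], depth + 1) : ref);
  const get = (suffix) => {
    const raw = vars[`${prefix}_${suffix}`];
    return raw === undefined ? undefined : expand(raw);
  };
  const pkg = { name: dirName, version: get("VERSION") };
  const source = get("SOURCE");
  const site = get("SITE"); // assumption: _SITE is the download base URL
  if (source) {
    const base = site ? `${site.replace(/\/+$/, "")}/` : "";
    pkg.distribution = { url: base + source };
  }
  const license = get("LICENSE");
  if (license) pkg.license = license;
  return pkg;
}

// Constructed sample, not a real Buildroot package file.
const SAMPLE_MK = `
# libexample
LIBEXAMPLE_VERSION = 1.2.3
LIBEXAMPLE_SOURCE = libexample-$(LIBEXAMPLE_VERSION).tar.xz
LIBEXAMPLE_SITE = https://downloads.example.org/libexample
LIBEXAMPLE_LICENSE = GPL-3.0+
$(eval $(autotools-package))
`;
console.log(JSON.stringify(parseBuildrootMk("libexample", SAMPLE_MK)));
```

A URL that still contains `$(...)` after parsing depends on the Buildroot configuration and should not be emitted as an external reference until it is resolved.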

ptdropper commented 8 months ago

Note that Buildroot has a "make" target that provides the license information and a CSV listing of all packages used in the build in one folder. Executing "make legal-info" produces the folder containing loads of details that can be used for both SBOM and OSS License data. It is a feature of Buildroot.

prabhu commented 7 months ago

@ptdropper, could you share the output file from make legal-info?