[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug #64591] SBOM-friendly CMake-like File API for GNU Make
From: |
David Edelsohn |
Subject: |
[bug #64591] SBOM-friendly CMake-like File API for GNU Make |
Date: |
Thu, 24 Aug 2023 13:11:51 -0400 (EDT) |
URL:
<https://savannah.gnu.org/bugs/?64591>
Summary: SBOM-friendly CMake-like File API for GNU Make
Group: make
Submitter: edelsohn
Submitted: Thu 24 Aug 2023 05:11:49 PM UTC
Severity: 3 - Normal
Item Group: Enhancement
Status: None
Privacy: Public
Assigned to: None
Open/Closed: Open
Discussion Lock: Any
Component Version: SCM
Operating System: None
Fixed Release: None
Triage Status: None
_______________________________________________________
Follow-up Comments:
-------------------------------------------------------
Date: Thu 24 Aug 2023 05:11:49 PM UTC By: David Edelsohn <edelsohn>
cmake-spdx (https://github.com/swinslow/cmake-spdx) utilizes CMake File API
(https://cmake.org/cmake/help/latest/manual/cmake-file-api.7.html) to query,
observe, and parse information about the build process to allow the tool to
create an SPDX SBOM file. While CMake could be unaware of some dependencies
and files, and is not a perfect solution, it is a step toward SBOM compliance
that many software packages will utilize. GNU Make should provide an API with
similar functionality to CMake File API, which would allow tools to generate
manifests such as SPDX SBOM. This will allow better and easier visibility into
the licenses used by packages built by GNU Make.
_______________________________________________________
Reply to this item at:
<https://savannah.gnu.org/bugs/?64591>
_______________________________________________
Message sent via Savannah
https://savannah.gnu.org/
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [bug #64591] SBOM-friendly CMake-like File API for GNU Make,
David Edelsohn <=