mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-04-18 03:32:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

ref-manual: terms.rst: add SBOM and SPDX terms

Browse Source 
(From yocto-docs rev: 2c53ac40e99a7957736276c5bf925b3f81544aa5)

Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Michael Opdenacker
2022-10-28 11:14:46 +02:00
committed by Richard Purdie
parent 7f3e02fe74
commit d16cdfae31
1 changed files with 26 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
documentation/ref-manual/terms.rst
View File

@@ -321,6 +321,23 @@ universal, the list includes them just in case:
:term:`build host<Build Host>` and other components, that can
work on specific hardware.
:term:`SBOM`
This term means *Software Bill of Materials*. When you distribute
software, it offers a description of all the components you used,
their corresponding licenses, their dependencies, the changes that were
applied and the known vulnerabilities that were fixed.
This can be used by the recipients of the software to assess
their exposure to license compliance and security vulnerability issues.
See the `Software Supply Chain <https://en.wikipedia.org/wiki/Software_supply_chain>`__
article on Wikipedia for more details.
The OpenEmbedded Build System can generate such documentation for your
project, in :term:`SPDX` format, based on all the metadata it used to
build the software images. See the ":ref:`dev-manual/common-tasks:creating
a software bill of materials`" section of the Development Tasks manual.
:term:`Source Directory`
This term refers to the directory structure
created as a result of creating a local copy of the ``poky`` Git
@@ -381,6 +398,15 @@ universal, the list includes them just in case:
":ref:`overview-manual/development-environment:repositories, tags, and branches`"
section in the Yocto Project Overview and Concepts Manual.
:term:`SPDX`
This term means *Software Package Data Exchange*, and is used as a open
standard for providing a *Software Bill of Materials* (:term:`SBOM`).
This standard is developed through a `Linux Foundation project
<https://spdx.dev/>`__ and is used by the OpenEmbedded Build System to
provide an :term:`SBOM` associated to each a software image.
For details, see Wikipedia's `SPDX page <https://en.wikipedia.org/wiki/Software_Package_Data_Exchange>`__.
:term:`Sysroot`
When cross-compiling, the target file system may be differently laid
out and contain different things compared to the host system. The concept