diff options
author | Michael Opdenacker <michael.opdenacker@bootlin.com> | 2022-11-25 18:09:24 +0100 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-12-01 19:20:29 +0000 |
commit | 0825238c3df3aa518ba4971c622b843fa6c87cc1 (patch) | |
tree | ff2793e975f818ee5839c488c0d17784e828ee25 /documentation | |
parent | 945c669138a76be18c6b4da4f8f907d2a5cfd83f (diff) | |
download | poky-0825238c3df3aa518ba4971c622b843fa6c87cc1.tar.gz |
dev-manual/sbom.rst: minor corrections
(From yocto-docs rev: 56bf7a3e521e7368e620685354aa89f540bb7564)
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'documentation')
-rw-r--r-- | documentation/dev-manual/sbom.rst | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/documentation/dev-manual/sbom.rst b/documentation/dev-manual/sbom.rst index f80e81279a..d155b4775f 100644 --- a/documentation/dev-manual/sbom.rst +++ b/documentation/dev-manual/sbom.rst | |||
@@ -9,7 +9,8 @@ each software component are all identified (see | |||
9 | fixes are applied (see ":ref:`dev-manual/vulnerabilities:checking | 9 | fixes are applied (see ":ref:`dev-manual/vulnerabilities:checking |
10 | for vulnerabilities`"), the OpenEmbedded build system can generate | 10 | for vulnerabilities`"), the OpenEmbedded build system can generate |
11 | a description of all the components you used, their licenses, their dependencies, | 11 | a description of all the components you used, their licenses, their dependencies, |
12 | the changes that were applied and the known vulnerabilities that were fixed. | 12 | their sources, the changes that were applied to them and the known |
13 | vulnerabilities that were fixed. | ||
13 | 14 | ||
14 | This description is generated in the form of a *Software Bill of Materials* | 15 | This description is generated in the form of a *Software Bill of Materials* |
15 | (:term:`SBOM`), using the :term:`SPDX` standard. | 16 | (:term:`SBOM`), using the :term:`SPDX` standard. |
@@ -42,9 +43,9 @@ The :ref:`create-spdx <ref-classes-create-spdx>` class offers options to include | |||
42 | more information in the output :term:`SPDX` data, such as making the generated | 43 | more information in the output :term:`SPDX` data, such as making the generated |
43 | files more human readable (:term:`SPDX_PRETTY`), adding compressed archives of | 44 | files more human readable (:term:`SPDX_PRETTY`), adding compressed archives of |
44 | the files in the generated target packages (:term:`SPDX_ARCHIVE_PACKAGED`), | 45 | the files in the generated target packages (:term:`SPDX_ARCHIVE_PACKAGED`), |
45 | adding a description of the source files handled by the target recipes | 46 | adding a description of the source files used to generate host tools and target |
46 | (:term:`SPDX_INCLUDE_SOURCES`) and adding archives of these source files | 47 | packages (:term:`SPDX_INCLUDE_SOURCES`) and adding archives of these source |
47 | themselves (:term:`SPDX_ARCHIVE_SOURCES`). | 48 | files themselves (:term:`SPDX_ARCHIVE_SOURCES`). |
48 | 49 | ||
49 | Though the toplevel :term:`SPDX` output is available in | 50 | Though the toplevel :term:`SPDX` output is available in |
50 | ``tmp/deploy/images/MACHINE/`` inside the :term:`Build Directory`, ancillary | 51 | ``tmp/deploy/images/MACHINE/`` inside the :term:`Build Directory`, ancillary |