From 0825238c3df3aa518ba4971c622b843fa6c87cc1 Mon Sep 17 00:00:00 2001 From: Michael Opdenacker Date: Fri, 25 Nov 2022 18:09:24 +0100 Subject: dev-manual/sbom.rst: minor corrections (From yocto-docs rev: 56bf7a3e521e7368e620685354aa89f540bb7564) Signed-off-by: Michael Opdenacker Signed-off-by: Richard Purdie --- documentation/dev-manual/sbom.rst | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'documentation/dev-manual') diff --git a/documentation/dev-manual/sbom.rst b/documentation/dev-manual/sbom.rst index f80e81279a..d155b4775f 100644 --- a/documentation/dev-manual/sbom.rst +++ b/documentation/dev-manual/sbom.rst @@ -9,7 +9,8 @@ each software component are all identified (see fixes are applied (see ":ref:`dev-manual/vulnerabilities:checking for vulnerabilities`"), the OpenEmbedded build system can generate a description of all the components you used, their licenses, their dependencies, -the changes that were applied and the known vulnerabilities that were fixed. +their sources, the changes that were applied to them and the known +vulnerabilities that were fixed. This description is generated in the form of a *Software Bill of Materials* (:term:`SBOM`), using the :term:`SPDX` standard. 
@@ -42,9 +43,9 @@ The :ref:`create-spdx ` class offers options to include more information in the output :term:`SPDX` data, such as making the generated files more human readable (:term:`SPDX_PRETTY`), adding compressed archives of the files in the generated target packages (:term:`SPDX_ARCHIVE_PACKAGED`), -adding a description of the source files handled by the target recipes -(:term:`SPDX_INCLUDE_SOURCES`) and adding archives of these source files -themselves (:term:`SPDX_ARCHIVE_SOURCES`). +adding a description of the source files used to generate host tools and target +packages (:term:`SPDX_INCLUDE_SOURCES`) and adding archives of these source +files themselves (:term:`SPDX_ARCHIVE_SOURCES`). Though the toplevel :term:`SPDX` output is available in ``tmp/deploy/images/MACHINE/`` inside the :term:`Build Directory`, ancillary -- cgit v1.2.3-54-g00ecf
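Review bot: In the first hunk (introductory paragraph of sbom.rst), the pronoun in the new wording "the changes that were applied to them" has an unclear antecedent now that "their sources" sits directly before it: it can be read as changes applied to the sources or to the components. Naming the noun, for example "the changes that were applied to these components" (or "to these sources", whichever is meant), removes the ambiguity in the sentence that tells readers what the generated SBOM covers.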
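Review bot: In the second hunk, the description of :term:`SPDX_INCLUDE_SOURCES` goes from "source files handled by the target recipes" to "source files used to generate host tools and target packages", which changes the documented scope rather than just the wording, and the subject line "minor corrections" does not mention it. Because "these source files" in the next clause refers back to that description, the stated scope of :term:`SPDX_ARCHIVE_SOURCES` widens with it. Please note in the commit message that the scope description now includes host tools, and check that the :term: glossary entries for both variables say the same thing, so that readers sizing or auditing their SPDX output get one consistent answer.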