| author | Michael Opdenacker <michael.opdenacker@bootlin.com> | 2022-10-28 11:14:46 +0200 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-11-07 21:31:32 +0000 |
| commit | d16cdfae31e82e1760e8b04e0d40ab8fedc88b2f (patch) | |
| tree | 52c2871df32b428b0eaae7d5695d84f444c3249d | |
| parent | 7f3e02fe740fa4e5e44151dc5ca447611a35f75d (diff) | |
| download | poky-d16cdfae31e82e1760e8b04e0d40ab8fedc88b2f.tar.gz | |
ref-manual: terms.rst: add SBOM and SPDX terms
(From yocto-docs rev: 2c53ac40e99a7957736276c5bf925b3f81544aa5)
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| -rw-r--r-- | documentation/ref-manual/terms.rst | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/documentation/ref-manual/terms.rst b/documentation/ref-manual/terms.rst index 40209528ba..4711d7df7b 100644 --- a/documentation/ref-manual/terms.rst +++ b/documentation/ref-manual/terms.rst | |||
| @@ -321,6 +321,23 @@ universal, the list includes them just in case: | |||
| 321 | :term:`build host<Build Host>` and other components, that can | 321 | :term:`build host<Build Host>` and other components, that can |
| 322 | work on specific hardware. | 322 | work on specific hardware. |
| 323 | 323 | ||
| 324 | :term:`SBOM` | ||
| 325 | This term means *Software Bill of Materials*. When you distribute | ||
| 326 | software, it offers a description of all the components you used, | ||
| 327 | their corresponding licenses, their dependencies, the changes that were | ||
| 328 | applied and the known vulnerabilities that were fixed. | ||
| 329 | |||
| 330 | This can be used by the recipients of the software to assess | ||
| 331 | their exposure to license compliance and security vulnerability issues. | ||
| 332 | |||
| 333 | See the `Software Supply Chain <https://en.wikipedia.org/wiki/Software_supply_chain>`__ | ||
| 334 | article on Wikipedia for more details. | ||
| 335 | |||
| 336 | The OpenEmbedded Build System can generate such documentation for your | ||
| 337 | project, in :term:`SPDX` format, based on all the metadata it used to | ||
| 338 | build the software images. See the ":ref:`dev-manual/common-tasks:creating | ||
| 339 | a software bill of materials`" section of the Development Tasks manual. | ||
| 340 | |||
| 324 | :term:`Source Directory` | 341 | :term:`Source Directory` |
| 325 | This term refers to the directory structure | 342 | This term refers to the directory structure |
| 326 | created as a result of creating a local copy of the ``poky`` Git | 343 | created as a result of creating a local copy of the ``poky`` Git |
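Review bot: the pronoun "it" in the first sentence of the new :term:`SBOM` entry (lines 325-328) has an ambiguous antecedent, since the preceding subject is "software" rather than the SBOM; suggest rewording to "An SBOM describes all the components you used, their corresponding licenses, their dependencies, the changes that were applied and the known vulnerabilities that were fixed." Also, in line 331, "license compliance and security vulnerability issues" reads more cleanly as "license-compliance and security-vulnerability issues", and the :ref: label that spans lines 338-339 should be checked against the actual section title in the Development Tasks manual so that Sphinx resolves it.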
| @@ -381,6 +398,15 @@ universal, the list includes them just in case: | |||
| 381 | ":ref:`overview-manual/development-environment:repositories, tags, and branches`" | 398 | ":ref:`overview-manual/development-environment:repositories, tags, and branches`" |
| 382 | section in the Yocto Project Overview and Concepts Manual. | 399 | section in the Yocto Project Overview and Concepts Manual. |
| 383 | 400 | ||
| 401 | :term:`SPDX` | ||
| 402 | This term means *Software Package Data Exchange*, and is used as a open | ||
| 403 | standard for providing a *Software Bill of Materials* (:term:`SBOM`). | ||
| 404 | This standard is developed through a `Linux Foundation project | ||
| 405 | <https://spdx.dev/>`__ and is used by the OpenEmbedded Build System to | ||
| 406 | provide an :term:`SBOM` associated to each a software image. | ||
| 407 | |||
| 408 | For details, see Wikipedia's `SPDX page <https://en.wikipedia.org/wiki/Software_Package_Data_Exchange>`__. | ||
| 409 | |||
| 384 | :term:`Sysroot` | 410 | :term:`Sysroot` |
| 385 | When cross-compiling, the target file system may be differently laid | 411 | When cross-compiling, the target file system may be differently laid |
| 386 | out and contain different things compared to the host system. The concept | 412 | out and contain different things compared to the host system. The concept |
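Review bot: two grammar slips in the new :term:`SPDX` entry: line 402 should read "an open standard" rather than "a open standard", and line 406 should read "provide an :term:`SBOM` associated with each software image" rather than "associated to each a software image". The glossary convention elsewhere in this file is "This term refers to ..." rather than "This term means ...", so consider aligning both new entries with it.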
