1 files changed, 26 insertions, 0 deletions
diff --git a/documentation/ref-manual/terms.rst b/documentation/ref-manual/terms.rst
index 40209528ba..4711d7df7b 100644
--- a/documentation/ref-manual/terms.rst
+++ b/documentation/ref-manual/terms.rst
@@ -321,6 +321,23 @@ universal, the list includes them just in case:
      :term:`build host<Build Host>` and other components, that can
      work on specific hardware.
+   :term:`SBOM`
+      This term means *Software Bill of Materials*. When you distribute
+      software, it offers a description of all the components you used,
+      their corresponding licenses, their dependencies, the changes that were
+      applied and the known vulnerabilities that were fixed.
+      This can be used by the recipients of the software to assess
+      their exposure to license compliance and security vulnerability issues.
+      See the `Software Supply Chain <https://en.wikipedia.org/wiki/Software_supply_chain>`__
+      article on Wikipedia for more details.
+      The OpenEmbedded Build System can generate such documentation for your
+      project, in :term:`SPDX` format, based on all the metadata it used to
+      build the software images. See the ":ref:`dev-manual/common-tasks:creating
+      a software bill of materials`" section of the Development Tasks manual.
   :term:`Source Directory`
     This term refers to the directory structure
     created as a result of creating a local copy of the ``poky`` Git
@@ -381,6 +398,15 @@ universal, the list includes them just in case:
     ":ref:`overview-manual/development-environment:repositories, tags, and branches`"
     section in the Yocto Project Overview and Concepts Manual.
+   :term:`SPDX`
+      This term means *Software Package Data Exchange*, and is used as a open
+      standard for providing a *Software Bill of Materials* (:term:`SBOM`).
+      This standard is developed through a `Linux Foundation project
+      <https://spdx.dev/>`__ and is used by the OpenEmbedded Build System to
+      provide an :term:`SBOM` associated to each a software image.
+      For details, see Wikipedia's `SPDX page <https://en.wikipedia.org/wiki/Software_Package_Data_Exchange>`__.
   :term:`Sysroot`
      When cross-compiling, the target file system may be differently laid
      out and contain different things compared to the host system. The concept

diff --git a/documentation/ref-manual/terms.rst b/documentation/ref-manual/terms.rst index 40209528ba..4711d7df7b 100644 --- a/documentation/ref-manual/terms.rst +++ b/documentation/ref-manual/terms.rst
@@ -321,6 +321,23 @@ universal, the list includes them just in case:
321	:term:`build host<Build Host>` and other components, that can	321	:term:`build host<Build Host>` and other components, that can
322	work on specific hardware.	322	work on specific hardware.
323		323
		324	:term:`SBOM`
		325	This term means Software Bill of Materials. When you distribute
		326	software, it offers a description of all the components you used,
		327	their corresponding licenses, their dependencies, the changes that were
		328	applied and the known vulnerabilities that were fixed.
		329
		330	This can be used by the recipients of the software to assess
		331	their exposure to license compliance and security vulnerability issues.
		332
		333	See the `Software Supply Chain <https://en.wikipedia.org/wiki/Software_supply_chain>`__
		334	article on Wikipedia for more details.
		335
		336	The OpenEmbedded Build System can generate such documentation for your
		337	project, in :term:`SPDX` format, based on all the metadata it used to
		338	build the software images. See the ":ref:`dev-manual/common-tasks:creating
		339	a software bill of materials`" section of the Development Tasks manual.
		340
324	:term:`Source Directory`	341	:term:`Source Directory`
325	This term refers to the directory structure	342	This term refers to the directory structure
326	created as a result of creating a local copy of the ``poky`` Git	343	created as a result of creating a local copy of the ``poky`` Git
@@ -381,6 +398,15 @@ universal, the list includes them just in case:
381	":ref:`overview-manual/development-environment:repositories, tags, and branches`"	398	":ref:`overview-manual/development-environment:repositories, tags, and branches`"
382	section in the Yocto Project Overview and Concepts Manual.	399	section in the Yocto Project Overview and Concepts Manual.
383		400
		401	:term:`SPDX`
		402	This term means Software Package Data Exchange, and is used as a open
		403	standard for providing a Software Bill of Materials (:term:`SBOM`).
		404	This standard is developed through a `Linux Foundation project
		405	<https://spdx.dev/>`__ and is used by the OpenEmbedded Build System to
		406	provide an :term:`SBOM` associated to each a software image.
		407
		408	For details, see Wikipedia's `SPDX page <https://en.wikipedia.org/wiki/Software_Package_Data_Exchange>`__.
		409
384	:term:`Sysroot`	410	:term:`Sysroot`
385	When cross-compiling, the target file system may be differently laid	411	When cross-compiling, the target file system may be differently laid
386	out and contain different things compared to the host system. The concept	412	out and contain different things compared to the host system. The concept