code.ossystems Code Review - openembedded-core.git/commit

]> code.ossystems Code Review - openembedded-core.git/commit

Code Review / openembedded-core.git / commit

author	Joshua Watt <JPEWhacker@gmail.com>
	Thu, 27 Jan 2022 22:48:52 +0000 (16:48 -0600)
committer	Richard Purdie <richard.purdie@linuxfoundation.org>
	Mon, 7 Feb 2022 10:07:38 +0000 (10:07 +0000)
commit	ca48349501e0ec93dc2448d064e1567fca390bf5
tree	767acace21ecc01039abae0a258d104919a05307	tree \| snapshot
parent	668445252fa96bd00ecdef1f610707a132eb35fc	commit \| diff

classes/create-spdx: Add packageSupplier field

Per NIST SBoM recommendations, include the Package Supplier field for
all SPDX packages that are created. This field should generally be set
to the person or organization that is performing the build, since they
would be considered the "supplier" of the SPDX packages.

Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

meta/classes/create-spdx.bbclass

diff | blob | history

Mirror of the official openembedded-core repository

RSS Atom