Skip to content

Draft: Feature/pvsbom

Felipe Ortiz requested to merge feature/pvsbom into master

Adds small command line app to create an SPDX SBOM for Pantavisor The application is pretty simple, only needs 3 parameters:

usage: pvsbom [-h] -c CONFIG -o OUTPUT repo

positional arguments:
  repo                  repository location

options:
  -h, --help            show this help message and exit
  -c CONFIG, --config CONFIG
                        config file location
  -o OUTPUT, --output OUTPUT
                        output file name

The config file has 3 sections:

  • document: here the document metadata is defined
  • skip-projects: list of project names that should not be analyzed
  • versions: a pair of names and scripts needed to get version of each project. That scripts always run in the root of the project. A complete example is included in the example/ folder
Edited by Felipe Ortiz

Merge request reports