Loading...

XML

Word

Printable

Details

Type: Task
Resolution: Unresolved
Priority: P2: Important
Fix Version/s: None
Affects Version/s: None
Component/s: Build System: CMake, Documentation
Labels:
None

Epic Link:
SBOM for Qt
Commits:
fb1fd94eb (6.9), 2d6f06df6 (6.9), 83d570790 (tqtc/lts-6.8), 8e1a2810e (tqtc/lts-6.8), 116d73f76 (tqtc/lts-6.8), 92f476c66 (tqtc/lts-6.8), eb5d6e6c3 (tqtc/lts-6.8), 3fe5821da (master), 41d599f81 (dev), dc3c1708c (6.9), d2797e5fd (tqtc/lts-6.8)

Description

All our 3rd party sources have (or should have) an accompanying qt_attribution.json file.

To more easily track our 3rd party supply chain, we should add relevant CPE and PURL values to the qt_attribution.json files in all our repositories.

What CPE and PURL means can be found at https://wiki.qt.io/SBOM#CPE_and_PURL_values_in_qt_attribution.json_files

qtbase is handled via https://codereview.qt-project.org/c/qt/qtbase/+/578553

We need to the same for the following repos:

qt3d
qt5compat
qtapplicationmanager
qtconnectivity
qtdeclarative
qtgrpc
qtimageformats
qtinterfaceframework
qtmultimedia
qtopcua
qtpositioning
qtquick3d
qtsensors
qtshadertools
qtsvg
qttools
qtvehicleservices
qtvirtualkeyboard
qtwayland

Attachments

Issue Links

is blocked by

QTQAINFRA-6637 Update provisioned qdoc, qtattributionsscanner to Qt 6.8.0

Closed

split from

QTBUG-122899 Generate SBOM from Qt build system

Closed

mentioned in: Page Loading...

Sub-Tasks

1.	Add CPE and PURL info for qtimageformats	Closed	Qt Build System Team
2.	Add CPE and PURL info for qtsvg	Closed	Qt Build System Team
3.	Add CPE and PURL info for qtconnectivity	Closed	Qt Build System Team
4.	Add CPE and PURL info for qtshadertools	Closed	Qt Build System Team
5.	Add CPE and PURL info for qt5compat	Closed	Qt Build System Team
6.	Add CPE and PURL info for qtopcua	Closed	Qt Build System Team
7.	Add CPE and PURL info for qtpositioning	Closed	Qt Build System Team
8.	Add CPE and PURL info for qtsensors	Closed	Qt Build System Team
9.	Add CPE and PURL info for qtquick3d	Closed	Qt Build System Team
10.	Add CPE and PURL info for qtmultimedia	Reported	Qt Build System Team
11.	Add CPE and PURL info for qttools	Closed	Qt Build System Team
12.	Add CPE and PURL info for qtdeclarative	Reported	Qt Build System Team
13.	Add CPE and PURL info for qtgrpc	Closed	Qt Build System Team
14.	Add CPE and PURL info for qtgrpc	Reported	Qt Build System Team

Gerrit Reviews

- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

For Gerrit Dashboard: QTBUG-129602
#	Subject	Branch	Project	Status	CR	V
648779,2	CMake: Add PURL and CPE info to 3rd party attribution files	dev	qt/qtmultimedia	Status: NEW	+2	0
648784,3	CMake: Add PURL and CPE info to 3rd party attribution files	dev	qt/qtdeclarative	Status: NEW	+2	0
648789,2	WIP: CMake: Add PURL and CPE info to 3rd party attribution files	dev	qt/qtgrpc	Status: NEW	-2	0
578553,44	CMake: Add PURL and CPE info to 3rd party attribution files	dev	qt/qtbase	Status: MERGED	+2	0
604618,3	CMake: Add PURL and CPE info to 3rd party attribution files	6.8	qt/qtbase	Status: MERGED	+2	0
619761,2	CMake: Add PURL and CPE info to 3rd party attribution files	tqtc/lts-6.5	qt/tqtc-qtbase	Status: MERGED	+2	0
623805,2	CMake: Fix broken qt_attribution.json files after cherry-pick	tqtc/lts-6.5	qt/tqtc-qtbase	Status: MERGED	+2	0
648203,6	CMake: Add PURL and CPE info to 3rd party attribution files	dev	qt/qtimageformats	Status: MERGED	+2	0
648208,4	CMake: Add PURL and CPE info to 3rd party attribution files	dev	qt/qtshadertools	Status: MERGED	+2	+1
648212,2	CMake: Add PURL and CPE info to 3rd party attribution files	dev	qt/qtopcua	Status: MERGED	+2	+1
648213,2	CMake: Add PURL and CPE info to 3rd party attribution files	dev	qt/qtpositioning	Status: MERGED	+2	+1
648217,2	CMake: Add PURL and CPE info to 3rd party attribution files	dev	qt/qtsensors	Status: MERGED	+2	0
648220,3	CMake: Add PURL and CPE info to 3rd party attribution files	dev	qt/qtquick3d	Status: MERGED	+2	+1
648367,2	CMake: Add PURL and CPE info to 3rd party attribution files	6.9	qt/qtsensors	Status: MERGED	+2	0
648454,2	CMake: Add PURL and CPE info to 3rd party attribution files	tqtc/lts-6.8	qt/tqtc-qtsensors	Status: MERGED	+2	0
648540,2	CMake: Add PURL and CPE info to 3rd party attribution files	6.9	qt/qtimageformats	Status: MERGED	+2	0
648541,2	CMake: Add PURL and CPE info to 3rd party attribution files	6.9	qt/qtpositioning	Status: MERGED	+2	0
648542,2	CMake: Add PURL and CPE info to 3rd party attribution files	6.9	qt/qtopcua	Status: MERGED	+2	0
648552,2	CMake: Add PURL and CPE info to 3rd party attribution files	6.9	qt/qtquick3d	Status: MERGED	+2	0
648582,2	CMake: Add PURL and CPE info to 3rd party attribution files	6.9	qt/qtshadertools	Status: MERGED	+2	0
648585,2	CMake: Add PURL and CPE info to 3rd party attribution files	tqtc/lts-6.8	qt/tqtc-qtimageformats	Status: MERGED	+2	0
648586,2	CMake: Add PURL and CPE info to 3rd party attribution files	tqtc/lts-6.8	qt/tqtc-qtpositioning	Status: MERGED	+2	0
648587,3	CMake: Add PURL and CPE info to 3rd party attribution files	tqtc/lts-6.8	qt/tqtc-qtopcua	Status: MERGED	+2	0
648589,3	CMake: Add PURL and CPE info to 3rd party attribution files	tqtc/lts-6.8	qt/tqtc-qtquick3d	Status: MERGED	+2	0
648633,3	CMake: Add PURL and CPE info to 3rd party attribution files	tqtc/lts-6.8	qt/tqtc-qtshadertools	Status: MERGED	+2	0
648782,2	CMake: Add PURL and CPE info to 3rd party attribution files	master	playground/qlitehtml	Status: MERGED	+2	0
648783,2	CMake: Add PURL and CPE info to 3rd party attribution files	dev	qt/qttools	Status: MERGED	+2	0
649113,2	CMake: Add PURL and CPE info to 3rd party attribution files	6.9	qt/qttools	Status: MERGED	+2	0
649346,2	CMake: Add PURL and CPE info to 3rd party attribution files	tqtc/lts-6.8	qt/tqtc-qttools	Status: MERGED	+2	0