Details
- Task
- Resolution: Unresolved
- P2: Important
- fb1fd94eb (6.9), 2d6f06df6 (6.9), 83d570790 (tqtc/lts-6.8), 8e1a2810e (tqtc/lts-6.8), 116d73f76 (tqtc/lts-6.8), 92f476c66 (tqtc/lts-6.8), eb5d6e6c3 (tqtc/lts-6.8), 3fe5821da (master), 41d599f81 (dev), dc3c1708c (6.9), d2797e5fd (tqtc/lts-6.8)
Description
All our 3rd party sources have (or should have) an accompanying qt_attribution.json file.
To more easily track our 3rd party supply chain, we should add relevant CPE and PURL values to the qt_attribution.json files in all our repositories.
What CPE and PURL mean is explained at https://wiki.qt.io/SBOM#CPE_and_PURL_values_in_qt_attribution.json_files
qtbase is handled via https://codereview.qt-project.org/c/qt/qtbase/+/578553
We need to do the same for the following repos:
- qt3d
- qt5compat
- qtapplicationmanager
- qtconnectivity
- qtdeclarative
- qtgrpc
- qtimageformats
- qtinterfaceframework
- qtmultimedia
- qtopcua
- qtpositioning
- qtquick3d
- qtsensors
- qtshadertools
- qtsvg
- qttools
- qtvehicleservices
- qtvirtualkeyboard
- qtwayland
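One way to audit a checkout for attribution entries that still lack these identifiers. This is an added example, not code from the Qt project. It assumes the keys are spelled `CPE` and `PURL`, that entries are labelled by `Id` or `Name`, and that a file holds either one entry object or an array of them; the sample tree and its values are constructed.

```python
import json
import tempfile
from pathlib import Path

REQUIRED = ("CPE", "PURL")  # assumed key names; confirm against the wiki page


def missing_identifiers(repo_root):
    """List (file, entry, key) for every attribution entry lacking a CPE or PURL."""
    root, findings = Path(repo_root), []
    for path in sorted(root.rglob("qt_attribution.json")):
        rel = path.relative_to(root).as_posix()
        try:
            data = json.loads(path.read_text(encoding="utf-8"))
        except (OSError, ValueError) as exc:  # unreadable or invalid JSON
            findings.append((rel, "<unparseable>", type(exc).__name__))
            continue
        # Assumption: a file holds one entry object or an array of them.
        for entry in data if isinstance(data, list) else [data]:
            if not isinstance(entry, dict):
                findings.append((rel, "<not an object>", "entry"))
                continue
            ident = entry.get("Id") or entry.get("Name") or "<unnamed>"
            for key in REQUIRED:
                value = entry.get(key)
                values = value if isinstance(value, list) else [value]
                # Absent keys, empty strings and empty lists all count as missing.
                if not any(isinstance(v, str) and v.strip() for v in values):
                    findings.append((rel, ident, key))
    return findings


def demo():
    """Check a constructed tree (sample data, not taken from any Qt repository)."""
    complete = {"Id": "libfoo", "Name": "libfoo",
                "CPE": "cpe:2.3:a:example:libfoo:1.2.3:*:*:*:*:*:*:*",
                "PURL": "pkg:generic/libfoo@1.2.3"}
    partial = [{"Id": "bar-core", "PURL": ["pkg:generic/bar@0.9"]},
               {"Id": "bar-extra", "CPE": []}]
    with tempfile.TemporaryDirectory() as tmp:
        for name, content in (("libfoo", complete), ("libbar", partial)):
            target = Path(tmp, "src", "3rdparty", name)
            target.mkdir(parents=True)
            (target / "qt_attribution.json").write_text(json.dumps(content), encoding="utf-8")
        return missing_identifiers(tmp)


if __name__ == "__main__":
    for finding in demo():
        print(*finding, sep="\t")
```

Calling `missing_identifiers()` on the root of one of the listed repositories gives the entries that still need values.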
Issue Links
- is blocked by: QTQAINFRA-6637 Update provisioned qdoc, qtattributionsscanner to Qt 6.8.0 (Closed)
- split from: QTBUG-122899 Generate SBOM from Qt build system (Closed)