Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-129602

Annotate all qt_attribution.json files with CPE and PURL values

    XMLWordPrintable

Details

    • Task
    • Resolution: Unresolved
    • P2: Important
    • None
    • None
    • Build System: CMake, Documentation
    • None
    • 7f6fe311e (6.10), f55cd043d (tqtc/lts-6.8), 3f1f0a804 (tqtc/lts-6.8), 6e8bf5afc (tqtc/lts-6.8), ce20e4f5b (tqtc/lts-6.8), 50cfb16b5 (tqtc/lts-6.8), de4c12fe1 (tqtc/lts-6.5), e27b99ded (6.9), ca0e33249 (tqtc/lts-6.5), 5ec261cbc (tqtc/lts-6.5)

    Description

      All our 3rd party sources have (or should have) an accompanying qt_attribution.json file.

      To more easily track our 3rd party supply chain, we should add relevant CPE and PURL values to the qt_attribution.json files in all our repositories.

      What CPE and PURL means can be found at https://wiki.qt.io/SBOM#CPE_and_PURL_values_in_qt_attribution.json_files

      qtbase is handled via https://codereview.qt-project.org/c/qt/qtbase/+/578553

      We need to the same for the following repos:

      • qt3d attribution reference
      • qt5compat attribution reference
      • qtapplicationmanager attribution reference
      • qtconnectivity attribution reference
      • qtdeclarative attribution reference
      • qtgrpc attribution reference
      • qtimageformats attribution reference
      • qtinterfaceframework attribution reference
      • qtmultimedia attribution reference
      • qtopcua attribution reference
      • qtpositioning attribution reference
      • qtquick3d attribution reference
      • qtsensors attribution reference
      • qtshadertools attribution reference
      • qtsvg attribution reference
      • qttools attribution reference
      • qtvehicleservices attribution reference
      • qtvirtualkeyboard attribution reference
      • qtwayland attribution reference

      Attachments

        Issue Links

          is blocked by

          Bug - A problem which impairs or prevents the functions of the product. QTQAINFRA-6637 Update provisioned qdoc, qtattributionsscanner to Qt 6.8.0

          • P1: Critical - Urgent and Important, will STOP the release if matched with set FixVersion field. This includes regressions from the last version that are not edge cases; Data loss; Build issues; Flaky tests; All but the most unlikely crashes/lockups/hanging; Serious usability issues and embarrassing bugs & Bugs critical to a deliverable. This is the highest possible priority for requirements.
          • Closed
          split from

          User Story - Created by Jira Software - do not edit or delete. Issue type for a user story. QTBUG-122899 Generate SBOM from Qt build system

          • P2: Important - Urgent, should be fixed, but will not stop the release.
          • Closed
          mentioned in

          Page Loading...

          1.
          		 Add CPE and PURL info for qtimageformats Technical task Closed Qt Build System Team
          2.
          		 Add CPE and PURL info for qtsvg Technical task Closed Qt Build System Team
          3.
          		 Add CPE and PURL info for qtconnectivity Technical task Closed Qt Build System Team
          4.
          		 Add CPE and PURL info for qtshadertools Technical task Closed Qt Build System Team
          5.
          		 Add CPE and PURL info for qt5compat Technical task Closed Qt Build System Team
          6.
          		 Add CPE and PURL info for qtopcua Technical task Closed Qt Build System Team
          7.
          		 Add CPE and PURL info for qtpositioning Technical task Closed Qt Build System Team
          8.
          		 Add CPE and PURL info for qtsensors Technical task Closed Qt Build System Team
          9.
          		 Add CPE and PURL info for qtquick3d Technical task Closed Qt Build System Team
          10.
          		 Add CPE and PURL info for qtmultimedia Technical task Closed Qt Build System Team
          11.
          		 Add CPE and PURL info for qttools Technical task Closed Qt Build System Team
          12.
          		 Add CPE and PURL info for qtdeclarative Technical task Closed Qt Build System Team
          13.
          		 Add CPE and PURL info for qtgrpc Technical task Closed Qt Build System Team
          14.
          		 Add CPE and PURL info for qtgrpc Technical task Closed Qt Build System Team
          15.
          		 Add CPE and PURL info for qt3d Technical task Closed Qt Build System Team
          16.
          		 Add CPE and PURL info for qt3d Technical task Closed Qt Build System Team
          17.
          		 Add CPE and PURL info for qtwayland Technical task Closed Qt Build System Team
          18.
          		 Add CPE and PURL info for qtvirtualkeyboard Technical task Closed Qt Build System Team
          19.
          		 Add CPE and PURL info for qtvehicleservices Technical task Reported Qt Build System Team
          20.
          		 Add CPE and PURL info for qtinterfaceframework Technical task Closed Qt Build System Team
          21.
          		 Add CPE and PURL info for qtapplicationmanager Technical task Closed Qt Build System Team
          For Gerrit Dashboard: QTBUG-129602
          # Subject Branch Project Status CR V
          650313,1 CMake: Create an SBOM package for the ifcodegen tool dev qt/qtinterfaceframework Status: NEW 0 +1
          650528,2 CMake: Add PURL and CPE info to 3rd party attribution files 6.9 qt/qtdeclarative Status: NEW 0 0
          650535,2 CMake: Add PURL and CPE info to 3rd party attribution files tqtc/lts-6.8 qt/tqtc-qtmultimedia Status: NEW 0 0
          650631,2 CMake: Add PURL and CPE info to 3rd party attribution files tqtc/lts-6.5 qt/tqtc-qtsvg Status: NEW 0 0
          650961,2 CMake: Add PURL and CPE info to 3rd party attribution files tqtc/lts-6.5 qt/tqtc-qtinterfaceframework Status: NEW 0 0
          651007,2 CMake: Add PURL and CPE info to 3rd party attribution files tqtc/lts-6.5 qt/tqtc-qt3d Status: NEW 0 0
          578553,44 CMake: Add PURL and CPE info to 3rd party attribution files dev qt/qtbase Status: MERGED +2 0
          604618,3 CMake: Add PURL and CPE info to 3rd party attribution files 6.8 qt/qtbase Status: MERGED +2 0
          619761,2 CMake: Add PURL and CPE info to 3rd party attribution files tqtc/lts-6.5 qt/tqtc-qtbase Status: MERGED +2 0
          623805,2 CMake: Fix broken qt_attribution.json files after cherry-pick tqtc/lts-6.5 qt/tqtc-qtbase Status: MERGED +2 0
          648203,6 CMake: Add PURL and CPE info to 3rd party attribution files dev qt/qtimageformats Status: MERGED +2 0
          648208,4 CMake: Add PURL and CPE info to 3rd party attribution files dev qt/qtshadertools Status: MERGED +2 +1
          648212,2 CMake: Add PURL and CPE info to 3rd party attribution files dev qt/qtopcua Status: MERGED +2 +1
          648213,2 CMake: Add PURL and CPE info to 3rd party attribution files dev qt/qtpositioning Status: MERGED +2 +1
          648217,2 CMake: Add PURL and CPE info to 3rd party attribution files dev qt/qtsensors Status: MERGED +2 0
          648220,3 CMake: Add PURL and CPE info to 3rd party attribution files dev qt/qtquick3d Status: MERGED +2 +1
          648367,2 CMake: Add PURL and CPE info to 3rd party attribution files 6.9 qt/qtsensors Status: MERGED +2 0
          648454,2 CMake: Add PURL and CPE info to 3rd party attribution files tqtc/lts-6.8 qt/tqtc-qtsensors Status: MERGED +2 0
          648540,2 CMake: Add PURL and CPE info to 3rd party attribution files 6.9 qt/qtimageformats Status: MERGED +2 0
          648541,2 CMake: Add PURL and CPE info to 3rd party attribution files 6.9 qt/qtpositioning Status: MERGED +2 0
          648542,2 CMake: Add PURL and CPE info to 3rd party attribution files 6.9 qt/qtopcua Status: MERGED +2 0
          648552,2 CMake: Add PURL and CPE info to 3rd party attribution files 6.9 qt/qtquick3d Status: MERGED +2 0
          648582,2 CMake: Add PURL and CPE info to 3rd party attribution files 6.9 qt/qtshadertools Status: MERGED +2 0
          648585,2 CMake: Add PURL and CPE info to 3rd party attribution files tqtc/lts-6.8 qt/tqtc-qtimageformats Status: MERGED +2 0
          648586,2 CMake: Add PURL and CPE info to 3rd party attribution files tqtc/lts-6.8 qt/tqtc-qtpositioning Status: MERGED +2 0
          648587,3 CMake: Add PURL and CPE info to 3rd party attribution files tqtc/lts-6.8 qt/tqtc-qtopcua Status: MERGED +2 0
          648589,3 CMake: Add PURL and CPE info to 3rd party attribution files tqtc/lts-6.8 qt/tqtc-qtquick3d Status: MERGED +2 0
          648633,3 CMake: Add PURL and CPE info to 3rd party attribution files tqtc/lts-6.8 qt/tqtc-qtshadertools Status: MERGED +2 0
          648779,6 CMake: Add PURL and CPE info to 3rd party attribution files dev qt/qtmultimedia Status: MERGED +2 0
          648782,2 CMake: Add PURL and CPE info to 3rd party attribution files master playground/qlitehtml Status: MERGED +2 0
          648783,2 CMake: Add PURL and CPE info to 3rd party attribution files dev qt/qttools Status: MERGED +2 0
          648784,9 CMake: Add PURL and CPE info to 3rd party attribution files dev qt/qtdeclarative Status: MERGED +2 0
          648789,5 CMake: Add PURL and CPE info to 3rd party attribution files dev qt/qtgrpc Status: MERGED +2 0
          649113,2 CMake: Add PURL and CPE info to 3rd party attribution files 6.9 qt/qttools Status: MERGED +2 0
          649346,2 CMake: Add PURL and CPE info to 3rd party attribution files tqtc/lts-6.8 qt/tqtc-qttools Status: MERGED +2 0
          650004,4 CMake: Add PURL and CPE info to 3rd party attribution files dev qt/qt3d Status: MERGED +2 0
          650007,1 CMake: Add PURL and CPE info to 3rd party attribution files dev qt/qtwayland Status: ABANDONED 0 0
          650012,3 CMake: Add PURL and CPE info to 3rd party attribution files dev qt/qtvirtualkeyboard Status: MERGED +2 0
          650013,2 CMake: Add PURL and CPE info to 3rd party attribution files dev qt-labs/qtvehicleservices Status: DEFERRED +2 0
          650034,3 CMake: Add PURL and CPE info to 3rd party attribution files dev qt/qtinterfaceframework Status: MERGED +2 0
          650035,3 CMake: Add PURL and CPE info to 3rd party attribution files dev qt/qtapplicationmanager Status: MERGED +2 0
          650036,3 CMake: Add PURL and CPE info to 3rd party attribution files dev qt/qtwayland Status: MERGED +2 0
          650039,3 CMake: Add PURL and CPE info to 3rd party attribution files dev qt/qt5compat Status: MERGED +2 0
          650252,2 CMake: Add PURL and CPE info to 3rd party attribution files tqtc/lts-6.5 qt/tqtc-qtsensors Status: MERGED +2 0
          650269,2 CMake: Add PURL and CPE info to 3rd party attribution files tqtc/lts-6.5 qt/tqtc-qtimageformats Status: MERGED +2 0
          650278,2 CMake: Add PURL and CPE info to 3rd party attribution files tqtc/lts-6.5 qt/tqtc-qtpositioning Status: MERGED +2 0
          650279,2 CMake: Add PURL and CPE info to 3rd party attribution files tqtc/lts-6.5 qt/tqtc-qtopcua Status: MERGED +2 0
          650280,2 CMake: Add PURL and CPE info to 3rd party attribution files tqtc/lts-6.5 qt/tqtc-qtquick3d Status: MERGED +2 0
          650283,2 CMake: Add PURL and CPE info to 3rd party attribution files tqtc/lts-6.5 qt/tqtc-qtshadertools Status: MERGED +2 0
          650284,2 CMake: Add PURL and CPE info to 3rd party attribution files tqtc/lts-6.5 qt/tqtc-qttools Status: MERGED +2 0
          650288,2 CMake: Add PURL and CPE info to 3rd party attribution files dev qt/qtsvg Status: MERGED +2 0
          650292,2 CMake: Add PURL and CPE info to 3rd party attribution files dev qt/qtconnectivity Status: MERGED +2 0
          650305,2 CMake: Add missing attribution file paths for yoga dev qt/qtdeclarative Status: MERGED +2 0
          650359,2 CMake: Add PURL and CPE info to 3rd party attribution files 6.10 qt/qtwayland Status: MERGED +2 0
          650361,2 CMake: Add PURL and CPE info to 3rd party attribution files 6.10 qt/qtsvg Status: MERGED +2 0
          650362,2 CMake: Add PURL and CPE info to 3rd party attribution files 6.10 qt/qtvirtualkeyboard Status: MERGED +2 0
          650366,2 CMake: Add PURL and CPE info to 3rd party attribution files 6.10 qt/qtgrpc Status: MERGED +2 0
          650367,2 CMake: Add PURL and CPE info to 3rd party attribution files 6.10 qt/qtinterfaceframework Status: MERGED +2 0
          650368,2 CMake: Add PURL and CPE info to 3rd party attribution files 6.10 qt/qt5compat Status: MERGED +2 0
          650369,2 CMake: Add PURL and CPE info to 3rd party attribution files 6.10 qt/qtconnectivity Status: MERGED +2 0
          650370,2 CMake: Add PURL and CPE info to 3rd party attribution files 6.10 qt/qtapplicationmanager Status: MERGED +2 0
          650373,2 CMake: Add PURL and CPE info to 3rd party attribution files 6.10 qt/qt3d Status: MERGED +2 0
          650435,2 CMake: Add PURL and CPE info to 3rd party attribution files 6.9 qt/qtconnectivity Status: MERGED +2 0
          650437,2 CMake: Add PURL and CPE info to 3rd party attribution files 6.10 qt/qtmultimedia Status: MERGED +2 0
          650462,2 CMake: Add PURL and CPE info to 3rd party attribution files 6.9 qt/qtwayland Status: MERGED +2 0
          650464,2 CMake: Add PURL and CPE info to 3rd party attribution files 6.9 qt/qtsvg Status: MERGED +2 0
          650466,2 CMake: Add PURL and CPE info to 3rd party attribution files 6.9 qt/qtmultimedia Status: MERGED +2 0
          650479,2 CMake: Add PURL and CPE info to 3rd party attribution files 6.10 qt/qtdeclarative Status: MERGED +2 0
          650480,2 CMake: Add missing attribution file paths for yoga 6.10 qt/qtdeclarative Status: MERGED +2 0
          650481,2 CMake: Add PURL and CPE info to 3rd party attribution files 6.9 qt/qtvirtualkeyboard Status: MERGED +2 0
          650482,2 CMake: Add PURL and CPE info to 3rd party attribution files 6.9 qt/qt5compat Status: MERGED +2 0
          650483,2 CMake: Add PURL and CPE info to 3rd party attribution files 6.9 qt/qtinterfaceframework Status: MERGED +2 0
          650484,2 CMake: Add PURL and CPE info to 3rd party attribution files 6.9 qt/qtgrpc Status: MERGED +2 0
          650491,2 CMake: Add PURL and CPE info to 3rd party attribution files 6.9 qt/qt3d Status: MERGED +2 0
          650521,2 CMake: Add PURL and CPE info to 3rd party attribution files tqtc/lts-6.8 qt/tqtc-qtconnectivity Status: MERGED +2 0
          650529,2 CMake: Add PURL and CPE info to 3rd party attribution files tqtc/lts-6.8 qt/tqtc-qtsvg Status: MERGED +2 0
          650531,2 CMake: Add PURL and CPE info to 3rd party attribution files tqtc/lts-6.8 qt/tqtc-qtwayland Status: MERGED +2 0
          650541,2 CMake: Add PURL and CPE info to 3rd party attribution files tqtc/lts-6.8 qt/tqtc-qtvirtualkeyboard Status: MERGED +2 0
          650542,2 CMake: Add PURL and CPE info to 3rd party attribution files tqtc/lts-6.8 qt/tqtc-qt5compat Status: MERGED +2 0
          650544,2 CMake: Add PURL and CPE info to 3rd party attribution files tqtc/lts-6.8 qt/tqtc-qtinterfaceframework Status: MERGED +2 0
          650545,2 CMake: Add PURL and CPE info to 3rd party attribution files tqtc/lts-6.8 qt/tqtc-qtgrpc Status: MERGED +2 0
          650547,2 CMake: Add PURL and CPE info to 3rd party attribution files tqtc/lts-6.8 qt/tqtc-qt3d Status: MERGED +2 0
          650582,2 CMake: Add PURL and CPE info to 3rd party attribution files tqtc/lts-6.5 qt/tqtc-qtconnectivity Status: MERGED +2 0
          650673,1 CMake: Add PURL and CPE info to 3rd party attribution files tqtc/lts-6.5 qt/tqtc-qtwayland Status: ABANDONED 0 0
          650695,2 CMake: Add PURL and CPE info to 3rd party attribution files 6.9 qt/qtapplicationmanager Status: MERGED +2 0
          650851,2 CMake: Add PURL and CPE info to 3rd party attribution files tqtc/lts-6.5 qt/tqtc-qtvirtualkeyboard Status: MERGED +2 0
          650889,2 CMake: Add PURL and CPE info to 3rd party attribution files tqtc/lts-6.5 qt/tqtc-qt5compat Status: MERGED +2 0
          650997,1 CMake: Add PURL and CPE info to 3rd party attribution files tqtc/lts-6.5 qt/tqtc-qtgrpc Status: ABANDONED 0 0
          651079,1 CMake: Add PURL and CPE info to 3rd party attribution files tqtc/lts-6.8 qt/tqtc-qtapplicationmanager Status: STAGED +2 0

          Activity

            People

              qtbuildsystem Qt Build System Team
              alexandru.croitor Alexandru Croitor
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:

                Gerrit Reviews

                  There are 6 open Gerrit changes