Details
-
User Story
-
Resolution: Unresolved
-
P2: Important
-
None
-
None
-
None
Description
The CMake implementation that Qt uses to generate its SBOM could be retrofitted to offer a public CMake API for user projects to generate their own SBOM.
It will require some internal refactorings to achieve that.
The implementation should ideally also support detecting and referencing Qt's own SBOM documents, so that the project SBOM can have a list of Qt module dependencies, etc.
This would also have to tie into deployment somehow, to deploy both the project SBOM and the Qt SBOM documents.
Attachments
Issue Links
- is required for
-
QTBUG-129601
Provide custom SBOM's in deployment tooling
-
- Open
-
-
QTCREATORBUG-31681
Create automated SBOM process for Qt Creator
-
- In Progress
-
- relates to
-
QTBUG-134894 Various improvements for SBOM generation
-
- Reported
-
- split from
-
QTBUG-122899
Generate SBOM from Qt build system
-
- Closed
-
Gerrit Reviews
| For Gerrit Dashboard: QTBUG-129609 | ||||||
|---|---|---|---|---|---|---|
| # | Subject | Branch | Project | Status | CR | V |
| 615674,58 | WIP: CMake: Generate an SPDX v2.3 SBOM for Qt Creator | master | qt-creator/qt-creator | Status: NEW | -2 | 0 |
| 632233,7 | WIP: CMake: Preliminary support for SBOM generation | qds/dev | qt-creator/tqtc-plugin-qtquickdesigner | Status: NEW | -2 | 0 |
| 632235,7 | WIP: CMake: Preliminary support for SBOM generation | qds/dev | qt-creator/plugin-telemetry | Status: NEW | -2 | 0 |
| 632283,8 | WIP: CMake: Annotate attribution json files to targets that use them | master | qt-creator/qt-creator | Status: NEW | -2 | -1 |
| 632287,9 | WIP: CMake: Add resources and other files to the SBOM | master | qt-creator/qt-creator | Status: NEW | -2 | 0 |