Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-131281

Provide SBOM information for tools used during Qt build

    XMLWordPrintable

Details

    • User Story
    • Resolution: Unresolved
    • P2: Important
    • None
    • 6.8.0
    • Build System: CMake
    • None

    Description

      As per the german BSI SBOM Technical guideline at QTBUG-129906
      we probably want to include info about the tools that Qt uses during its build.

      These should include both internal qt tools and external tools.

      External tools would be things like: cmake, ninja / make, compiler, linker, archiver, python, perl, GN / nodejs for webengine.

      Internal tools would be things like moc, rcc, uic, syncqt, qlalr, qvkgen, lrelease, balsam, qsb, qmlcachegen, shadergen, qdbusxml2cpp, etc.

      It would also be good to keep the relationships that e.g. qvkgen was used for the build of QtGui, moc for everything, etc.

      Some info about the internal tools like moc, rcc, uic, balsam is already present, but the relationships are missing.
      syncqt is currently missing, due to the special way it is built.

      External tool info is currently missing entirely, aside from the compiler and cmake version.

      Regarding python, it is used to generate qml regex jit tables, the sbom json files, i believe it's also used in qtinterfraceframework / qtapplicationmanager.

      When we offer a public sbom api, projects like PySide and Qt Creator will likely have additional tooling they use, so we'll need something somewhat generic.

      Attachments

        Issue Links

          split from

          User Story - Created by Jira Software - do not edit or delete. Issue type for a user story. QTBUG-129906 Consider making our SBOMs compliant with the German SBOM guideline

          • P2: Important - Urgent, should be fixed, but will not stop the release.
          • Open

          User Story - Created by Jira Software - do not edit or delete. Issue type for a user story. QTBUG-122899 Generate SBOM from Qt build system

          • P2: Important - Urgent, should be fixed, but will not stop the release.
          • In Progress
          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

              qtbuildsystem Qt Build System Team
              alexandru.croitor Alexandru Croitor
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:

                Gerrit Reviews

                  There are no open Gerrit changes