Details
-
User Story
-
Resolution: Unresolved
-
P2: Important
-
None
-
6.8.0
-
None
Description
As per the german BSI SBOM Technical guideline at QTBUG-129906
we probably want to include info about the tools that Qt uses during its build.
These should include both internal qt tools and external tools.
External tools would be things like: cmake, ninja / make, compiler, linker, archiver, python, perl, GN / nodejs for webengine.
Internal tools would be things like moc, rcc, uic, syncqt, qlalr, qvkgen, lrelease, balsam, qsb, qmlcachegen, shadergen, qdbusxml2cpp, etc.
It would also be good to keep the relationships that e.g. qvkgen was used for the build of QtGui, moc for everything, etc.
Some info about the internal tools like moc, rcc, uic, balsam is already present, but the relationships are missing.
syncqt is currently missing, due to the special way it is built.
External tool info is currently missing entirely, aside from the compiler and cmake version.
Regarding python, it is used to generate qml regex jit tables, the sbom json files, i believe it's also used in qtinterfraceframework / qtapplicationmanager.
When we offer a public sbom api, projects like PySide and Qt Creator will likely have additional tooling they use, so we'll need something somewhat generic.
Attachments
Issue Links
- split from
-
QTBUG-129906
Consider making our SBOMs compliant with the German SBOM guideline
-
- Open
-
-
QTBUG-122899
Generate SBOM from Qt build system
-
- In Progress
-