Add 'sbom' section to unstable features doc
justahero committed May 7, 2024
1 parent 37506b2 commit 0aa10e9
Showing 1 changed file with 24 additions and 0 deletions.
24 changes: 24 additions & 0 deletions src/doc/src/reference/unstable.md
Expand Up @@ -73,6 +73,7 @@ For the latest nightly, see the [nightly version] of this page.
* [public-dependency](#public-dependency) --- Allows dependencies to be classified as either public or private.
* [msrv-policy](#msrv-policy) --- MSRV-aware resolver and version selection
* [precise-pre-release](#precise-pre-release) --- Allows pre-release versions to be selected with `update --precise`
* [sbom](#sbom) --- Generates SBOM pre-cursor files for compiled artifacts
* Output behavior
* [out-dir](#out-dir) --- Adds a directory where artifacts are copied to.
* [Different binary name](#different-binary-name) --- Assign a name to the built binary that is separate from the crate name.
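Review bot: The new index entry spells the term as `pre-cursor`; the usual spelling is `precursor`, and whichever form is chosen should match the `## sbom` section body so a search for the term finds both places. The entry could also say that the files are written next to each compiled artifact, since that is the detail a reader scanning this list for SBOM support needs.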
Expand Down Expand Up @@ -377,6 +378,29 @@ It's possible to update `my-dependency` to a pre-release with `update -Zunstable
This is because `0.1.2-pre.0` is considered compatible with `0.1.1`.
It would not be possible to upgrade to `0.2.0-pre.0` from `0.1.1` in the same way.

## sbom
* Tracking Issue: [#13709](https://github.com/rust-lang/cargo/pull/13709)
* RFC: [#3553](https://github.com/rust-lang/rfcs/pull/3553)

The `sbom` build config allows to generate so-called SBOM pre-cursor files
alongside each compiled artifact. A Software Bill Of Material (SBOM) tool can
incorporate these generated files to collect important information from the cargo
build process that are difficult or impossible to obtain in another way.

To enable this feature either set the `sbom` field in the `.cargo/config.toml`

```toml
[build]
sbom = true
```

or set the `CARGO_BUILD_SBOM` environment variable to `true`. The functionality
is available behind the flag `-Z sbom`.

The generated output files are in JSON format and follow the naming scheme
`<artifact>.cargo-sbom.json`. The JSON file contains information about dependencies,
target, features and the used `rustc` compiler.

## build-std
* Tracking Repository: <https://github.com/rust-lang/wg-cargo-std-aware>
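Review bot: The `Tracking Issue` bullet in the new `## sbom` section links to `https://github.com/rust-lang/cargo/pull/13709`, which is a pull request URL rather than an issue URL; either relabel the bullet or point it at the tracking issue. The enablement text also leaves it unclear whether `-Z sbom` is required in addition to `sbom = true` or `CARGO_BUILD_SBOM=true`. If both are needed, say so in one sentence and show the full nightly invocation, because a build that silently emits no `<artifact>.cargo-sbom.json` is easy to miss in a pipeline that expects one per artifact. Wording: "allows to generate" reads better as "allows generating", "information ... that are difficult" should be "that is difficult", and "Software Bill Of Material" is normally written "Software Bill of Materials". Since SBOM tools are expected to parse these files, consider listing the top-level JSON fields or stating that the format is unstable and may change.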
