The meta-wr-sbom OpenEmbedded/Yocto layer is used to generate Software Bill of Materials (SBOM) of Software Package Data Exchange (SPDX) format for Yocto-based projects. The SBOM file created by the layer using SPDX v2.2 specification will include accurate identification of software components, explicit mapping of relationships between components, and the association of security and licensing information with each component.
- Yocto Project 1.6 (Daisy)
- Yocto Project 1.7 (Dizzy)
- Yocto Project 1.8 (Fido)
- Yocto Project 2.0 (Jethro)
- Yocto Project 2.1 (Krogoth)
- Yocto Project 2.2 (Morty)
- Yocto Project 2.3 (Pyro)
- Yocto Project 2.4 (Rocko)
- Yocto Project 2.5 (Sumo)
- Yocto Project 2.6 (Thud)
- Yocto Project 2.7 (Warrior)
- Yocto Project 3.0 (Zeus)
- Yocto Project 3.1 (Dunfell)
- Yocto Project 3.2 (Gatesgarth)
- Yocto Project 3.3 (Hardknott)
- Yocto Project 3.4 (Honister)
- Yocto Project 4.0 (Kirkstone)
- Wind River Linux 9
- Wind River Linux LTS17
- Wind River Linux LTS18
- Wind River Linux LTS19
- Wind River Linux LTS21
- Wind River Linux LTS22
Yocto Version >=1.6 & <=2.1:
Python 2 version >= 2.7 must be installed on build host machine.
Yocto Version >= 2.2:
Wind River Linux Version >= WRL9:
Python 3 version >= 3.7 must be installed on build host machine.
Clone the meta-wr-sbom repository (or unpack an archive of it) into the top-level directory of your yocto build project:
git clone https://github.com/Wind-River/meta-wr-sbomAt the top-level directory of your yocto build workspace, you can add the meta-wr-sbom layer to the build system by performing the following command:
source ../meta-wr-sbom/init_create_sbombitbake ${image_name}The SBOM file of your yocto project will be generated as tmp/deploy/images/${machine}/${image_name}.spdx.json.
Python 2.7 or later version is required to be installed on build host.
Clone the meta-wr-sbom repository (or unpack an archive of it) into the top-level directory of your project:
git clone https://github.com/Wind-River/meta-wr-sbomAt the top-level directory of your Wind River project, you can add the meta-wr-sbom layer to the build system by performing the following command:
source ../meta-wr-sbom/init_create_sbommakeThe SBOM file of your project will be generated as bitbake_build/tmp/deploy/images/${machine}/${image_name}.spdx.json.
- Wind River Linux 3
- Wind River Linux 4
- Wind River Linux 5
Python 2.7 or later version is required to be installed on build host.
Fully build your project.
Clone the meta-wr-sbom repository (or unpack an archive of it) into the top-level directory of your project:
git clone https://github.com/Wind-River/meta-wr-sbomAt the top-level directory of your project directory, perform the following command:
python meta-wr-sbom/tool/gen_eol_wrl_sbom.py .The SBOM file of your project will be generated as meta-wr-sbom/tool/${image_name}.spdx.json.
All product names, logos, and brands are property of their respective owners. All company, product and service names used in this software are for identification purposes only. Wind River is a trademark of Wind River Systems, Inc.
Disclaimer of Warranty / No Support: Wind River does not provide support and maintenance services for this software, under Wind River’s standard Software Support and Maintenance Agreement or otherwise. Unless required by applicable law, Wind River provides the software (and each contributor provides its contribution) on an “AS IS” BASIS, WITHOUT WARRANTIES OF ANY KIND, either express or implied, including, without limitation, any warranties of TITLE, NONINFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the software and assume any risks associated with your exercise of permissions under the license.