Extend SBOM "formulation" to allow correct recipe for re-making... #3747

andrew-m-leonard · 2024-04-04T08:49:23Z

The intention of the CycloneDX "formulation" is to provide a "recipe" for "re-making" the exact same build.
As it currently stands the SBOM formulation section contains strace analysis listing of packages & tooling dependencies used in the original build. We need to add a new section for a "recipe" that provides the exact "configure & make" commands along with how to create a "compatible" environment to re-build an identical build.

andrew-m-leonard added enhancement Issues that enhance the code or documentation of the repo in any way reproducible-build labels Apr 4, 2024

github-actions bot added the compatibility Issues that relate to how our code works with other third party code bases label Apr 4, 2024

andrew-m-leonard added Sbom issue relate to work of sbom and removed compatibility Issues that relate to how our code works with other third party code bases labels Apr 4, 2024

github-actions bot added the compatibility Issues that relate to how our code works with other third party code bases label Apr 4, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Extend SBOM "formulation" to allow correct recipe for re-making... #3747

Extend SBOM "formulation" to allow correct recipe for re-making... #3747

andrew-m-leonard commented Apr 4, 2024

Extend SBOM "formulation" to allow correct recipe for re-making... #3747

Extend SBOM "formulation" to allow correct recipe for re-making... #3747

Comments

andrew-m-leonard commented Apr 4, 2024