Learn how to generate a Software Bill of Materials (SBOM) using the SPDX standard format with the Yocto Project in this 15-minute presentation. Discover practical details on utilizing the "create-spdx" class, introduced in Yocto Project version 3.4 ("Honister"), to produce SBOMs for license compliance and security vulnerability assessments. Gain insights into using the class effectively, understanding associated variables, and controlling the output SPDX content and volume without delving into code or generated files. Benefit from the presenter's expertise to quickly grasp this essential tool for device manufacturers and end users.
Overview
Syllabus
Bitbaking SPDX SBoM, Michael Opdenacker
Taught by
Yocto Project