Add documentation for SBOM#676
Open
yogeshhegde wants to merge 4 commits intoTexasInstruments:masterfrom
Open
Conversation
github-actions
bot
assigned
bryanbrattlof,
DhruvaG2000,
jeevantelukula and
sskartheekadivi
|
New warnings found with rstcheck: |
1 similar comment
|
New warnings found with rstcheck: |
|
New warnings found with rstcheck: |
yogeshhegde
requested review from
StaticRocket,
VeeruPrudhvi,
cshilwant,
gehariprasath,
jeevantelukula,
praneethbajjuri and
uditkumarti
as code owners
yogeshhegde
force-pushed
the
sbom
branch
2 times, most recently
from
16bcbfe to
5732a1e
Compare
|
New warnings found with rstcheck: |
Add release artefacts SBOM information for AM64X,AM62X,AM62PX and AM62LX devices. Signed-off-by: Yogesh Hegde <y-hegde@ti.com>
yogeshhegde
force-pushed
the
sbom
branch
2 times, most recently
from
9338c00 to
b9ad5de
Compare
cshilwant
requested changes
Apr 16, 2026
cshilwant
reviewed
Apr 16, 2026
| 1. Start with the build instructions in :ref:`Processor SDK - Building the SDK with Yocto <building-the-sdk-with-yocto>` | ||
| 2. After cloning ``oe-layersetup``, uncomment the ``meta-cyclonedx`` line in | ||
| the layer configuration file, for example: | ||
|
|
Member
There was a problem hiding this comment.
Any reasons we aren't pushing a new oe-config file to oe-layersetup dedicated for SBOMs?
We can avoid the following manual local changes & improve the user experience
Contributor
Author
There was a problem hiding this comment.
Here are few reasons,
- CycloneDX SBOM is not default format for SBOM, but there might be some users who want to use the format.
- Duplication of oe-config, there are 4 oe-config for 12.00.00 release, creating new oe-config just for cyclonedx would take that number to 8 since we have to give each oe-config with SPDX and CycloneDX SBOM generation.
- 8 oe-config will lead to more user confusion instead of improving user experience because for users who just want sane defaults they will be confused which oe-config to use.
- oe-layersetup does not allow us to
include files / config fragments, while kas (yaml) and repo (xml) both have include files feature where we can create fragments and user can include/exclude fragments enabling/disabling features. This would simplify both maintenance and improve user experience.
With these constraints, I believe this is the best course, since it is just uncommenting a line for the user and they also see less oe-configs.
Member
There was a problem hiding this comment.
I agree with this approach for the 12.0 release. Since we are still in the evaluation phase for SBOMs, it makes sense to avoid config bloat and keep the user experience simple for now.
However, SBOMs are the way to go in the future. Moving forward, we should look into how we can incorporate them into the default SDK build flow...
Contributor
Author
There was a problem hiding this comment.
SBOM (in SPDX format) is in default SDK build flow. But if the user wants a CycloneDX format for SBOM then user has to use the non-default SDK build flow.
It depends on the Adoption of SPDX and CycloneDX formats. The format that has higher Adoption will be default SDK build flow while the one with the lower adoption will be the non-default one and will require additional steps. Currently SPDX has higher Adoption, yet we have the option of CycloneDX to users who want it.
Add How to guide for working with SBOM's with sections * Generating SBOM in SPDX and CycloneDX format * Tools and references for Working with SBOM i.e visualizing, merging, modifying SBOMs Signed-off-by: Yogesh Hegde <y-hegde@ti.com>
Add link to working with SBOM in release specific section Signed-off-by: Yogesh Hegde <y-hegde@ti.com>
Add release artefacts SBOM information to release notes for AM62DX device. Signed-off-by: Yogesh Hegde <y-hegde@ti.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
8 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
feat(linux): Add how to guide for working with SBOMs
Add How to guide for working with SBOM's with sections
modifying SBOMs
feat(linux): Add SBOM section to release notes
Add release artefacts SBOM information for AM64X,AM62X,AM62PX and AM62LX
devices.
Doc Link - https://yogeshhegde.github.io/processor-sdk-doc/processor-sdk-linux-AM62LX/esd/docs/master/linux/How_to_Guides/FAQ/How_to_work_with_SBOM.html