Record the rustc target platform into the SBOM #529
Conversation
Signed-off-by: Sergey "Shnatsel" Davidoff <[email protected]>
Signed-off-by: Sergey "Shnatsel" Davidoff <[email protected]>
…nsidered Signed-off-by: Sergey "Shnatsel" Davidoff <[email protected]>
Signed-off-by: Sergey "Shnatsel" Davidoff <[email protected]>
cargo-cyclonedx/src/generator.rs
Outdated
| SingleTarget(target) => vec![Property::new("rustcTarget", &target)], | ||
| AllTargets => all_known_targets() | ||
| .into_iter() | ||
| .map(|target| Property::new("rustcTarget", &target)) |
There was a problem hiding this comment.
I like the idea in general. Have you checked if there are any plans/standards/best practices for what this property could be called? Other tools must have the same idea/concept in general (e.g. Go/C/C++)
There was a problem hiding this comment.
I have not really checked for other uses of properties (the free-form field), just skimmed the standardized fields of metadata.
This encodes Rust target triples specifically, e.g. x86_64-unknown-linux-gnu, so this is not going to be interoperable with anything else. Hence the use of properties instead.
There was a problem hiding this comment.
Understood. In that case, does it make sense to use a namespaced property instead?
https://github.com/CycloneDX/cyclonedx-property-taxonomy
https://github.com/CycloneDX/cyclonedx-property-taxonomy/blob/main/cdx.md
There was a problem hiding this comment.
Found the property for Go: https://github.com/CycloneDX/cyclonedx-property-taxonomy/blob/main/cdx/gomod.md
There was a problem hiding this comment.
Yes, it does. Good point.
cargo-cyclonedx/src/generator.rs
Outdated
| SingleTarget(target) => vec![Property::new("rustcTarget", &target)], | ||
| AllTargets => all_known_targets() | ||
| .into_iter() | ||
| .map(|target| Property::new("rustcTarget", &target)) |
There was a problem hiding this comment.
Understood. In that case, does it make sense to use a namespaced property instead?
https://github.com/CycloneDX/cyclonedx-property-taxonomy
https://github.com/CycloneDX/cyclonedx-property-taxonomy/blob/main/cdx.md
Co-authored-by: Lars Francke <[email protected]> Signed-off-by: Sergey "Shnatsel" Davidoff <[email protected]>
Shnatsel
force-pushed
the
record-target
branch
from
f572613
to
7229bf9
Compare
Signed-off-by: Sergey "Shnatsel" Davidoff <[email protected]>
|
I think this is basically good to go, we just need to wait for the result of CycloneDX/cyclonedx-property-taxonomy#75 |
|
That property needs a fair bit of design work. We need to specify where it is legal for it to appear: on metadata only, or does it also appear on a |
|
I've opened CycloneDX/cyclonedx-property-taxonomy#78 upstream. Once that's merged, this PR will need to be reworked to match that schema. |
Fixes #528