From 2a8a063b2cad20a8fa19282c2ecc75c372cc9088 Mon Sep 17 00:00:00 2001 From: Ernesto de Gracia Herranz Date: Tue, 11 Feb 2025 17:13:28 +0100 Subject: [PATCH 1/2] add --- reference/tools/sbom.rst | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/reference/tools/sbom.rst b/reference/tools/sbom.rst index ec20fab05ad7..fd335f0d7dbb 100644 --- a/reference/tools/sbom.rst +++ b/reference/tools/sbom.rst @@ -69,6 +69,20 @@ install the dependencies from Conan. This can be very useful for generating SBOM dependencies. Note that this time we're saving the SBOM in the generators folder, so that the user installing the dependencies has easy access to the SBOM. +Other options +~~~~~~~~~~~~~ + +The function **cyclonedx_1_4** is customizable and includes the **name** parameter. If you'd like to specify a custom name +for the metadata field in the document, you can easily do so by using the syntax +``cyclonedx(conanfile.subgraph, name="custom_name")``. + +Additionally, you can use the **add_build** and **add_test** +parameters if you wish to include build or test dependencies in your document; both are set to false by default. +If you want to enable these features, here’s an example of how to use them: +``cyclonedx(conanfile.subgraph, add_build=True, add_test=True)``. + +The + .. code-block:: python import json From 3571a940aeea666cf6d3c5331ede5d25d4ee7d69 Mon Sep 17 00:00:00 2001 From: Ernesto de Gracia Herranz Date: Tue, 11 Feb 2025 17:38:57 +0100 Subject: [PATCH 2/2] fix structure and naming --- reference/tools/sbom.rst | 29 ++++++++++++++--------------- 1 file changed, 14 insertions(+), 15 deletions(-) diff --git a/reference/tools/sbom.rst b/reference/tools/sbom.rst index fd335f0d7dbb..2932ff7b916c 100644 --- a/reference/tools/sbom.rst +++ b/reference/tools/sbom.rst 
@@ -34,6 +34,18 @@ It provides the ``cyclonedx_1_4`` function which receives a Conan dependency gra Using this feature is as simple as implementing a :ref:`hook ` in your client which uses this tool to create the SBOM and stores it in the appropriate location. +Other options +~~~~~~~~~~~~~ + +The function **cyclonedx_1_4** is customizable and includes the **name** parameter. If you'd like to specify a custom name +for the metadata field in the document, you can easily do so by using the syntax +``cyclonedx(conanfile.subgraph, name="custom_name")``. + +Additionally, you can use the **add_build** and **add_test** +parameters if you wish to include build or test dependencies in your document; both are set to false by default. +If you want to enable these features, here’s an example of how to use them: +``cyclonedx(conanfile.subgraph, add_build=True, add_test=True)``. + Usage examples ^^^^^^^^^^^^^^ @@ -69,19 +81,6 @@ install the dependencies from Conan. This can be very useful for generating SBOM dependencies. Note that this time we're saving the SBOM in the generators folder, so that the user installing the dependencies has easy access to the SBOM. -Other options -~~~~~~~~~~~~~ - -The function **cyclonedx_1_4** is customizable and includes the **name** parameter. If you'd like to specify a custom name -for the metadata field in the document, you can easily do so by using the syntax -``cyclonedx(conanfile.subgraph, name="custom_name")``. - -Additionally, you can use the **add_build** and **add_test** -parameters if you wish to include build or test dependencies in your document; both are set to false by default. -If you want to enable these features, here’s an example of how to use them: -``cyclonedx(conanfile.subgraph, add_build=True, add_test=True)``. - -The .. code-block:: python 
@@ -103,8 +102,8 @@ The Both hooks can coexist in such a way that we can generate the SBOMs for our application and our dependencies separately. This can greatly assist us in conducting continuous analysis of our development process and ensuring software quality. -Conan -^^^^^ +Generating a Conan-based SBOM +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Instead of using a standard, we can take a "Conan-based approach". Thanks to the ``conanfile.subgraph.serialize()`` function, we can directly obtain information about the dependencies of our package.
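Review bot: In the PATCH 1/2 hunk at ``@@ -69,6 +69,20 @@``, the new section ends with a dangling line ``+The`` immediately before the existing ``.. code-block:: python`` directive; the word is an unfinished sentence and, sitting between the new prose and the directive, it also separates the code block from the paragraph that introduced it. Either finish the sentence or drop the line (PATCH 2/2 drops it, which suggests the two commits should be squashed so the intermediate broken state never lands in history; the commit message "add" also says nothing about what was added).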
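Review bot: In the PATCH 2/2 hunk at ``@@ -34,6 +34,18 @@``, the prose names the function ``cyclonedx_1_4`` (matching the context line "It provides the ``cyclonedx_1_4`` function") but both inline examples call ``cyclonedx(conanfile.subgraph, ...)``; one of the two is wrong, and a reader copying the example will get a NameError if the module only exposes ``cyclonedx_1_4``. Please make the examples use the real function name. Two smaller points in the same hunk: "both are set to false by default" should read ``False`` (the Python literal, in double backticks like the rest of the section), and since build and test dependencies are excluded unless ``add_build``/``add_test`` are set, it is worth one sentence stating that the default SBOM therefore does not list build-time tooling, which consumers doing supply-chain review may expect to find. Finally, the section is now inserted before "Usage examples", whose underline is ``^``, while "Other options" uses ``~``; docutils assigns heading levels by first appearance, so please confirm ``^`` is already registered above line 34 in this file, otherwise "Usage examples" will render as a subsection of "Other options" rather than its sibling.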
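Review bot: In the PATCH 2/2 hunk at ``@@ -103,8 +102,8 @@``, renaming the heading "Conan" to "Generating a Conan-based SBOM" changes the auto-generated section anchor, so any ``:ref:`` target or external link pointing at the old "Conan" section will break; please grep the docs for references to that heading and update them, or add an explicit label above the heading so the rename is link-stable. The underline length matches the new title, so the RST itself is fine.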