Add `west bindesc get_offset` command to print the offset of
the descriptors inside the given image.
Signed-off-by: Yonatan Schachter <yonatan.schachter@gmail.com>
Improve the SPDX with the current values:
- URL: extracted from `git remote`. If more than one remote, URL is not
set.
- Version: extracted from `git rev-parse` (commit id).
- PURL and CPE for Zephyr: generated from URL and version.
For zephyr, the tag is extracted, if present, and replace the commit id for
the version field.
Since official modules does not have tags, tags are not yet extracted for
modules.
To track vulnerabilities from modules dependencies, a new SBOM,
`modules-deps.spdx` was created. It contains the `external-references`
provided by the modules. It allows to easily track vulnerabilities from
these external dependencies.
Signed-off-by: Thomas Gagneret <thomas.gagneret@hexploy.com>
Minor update to existing zspdx implementation to add support for
PrimaryPackagePurpose introduced in SPDX 2.3.
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
- Remove OS specific instructions, instructions depend on the shell and
are the same across OS;
- Add fish shell to the documentation.
Signed-off-by: Théo Battrel <theo.util@protonmail.ch>
The current zephyr.spdx does not contain the modules included in the build.
This commit split the zephyr-sources package into multiple packages, one
for each modules found by zephyr_module.py.
Signed-off-by: Thomas Gagneret <tgagneret@witekio.com>
Extend the existing documentation by documenting the command itself and
the format of the module.yml blobs section.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
