Skip to content

Update Yocto guide with sbomify integration and accuracy fixes#67

Merged
vpetersson merged 1 commit intomasterfrom
yocto-guide-updates
Mar 2, 2026
Merged

Update Yocto guide with sbomify integration and accuracy fixes#67
vpetersson merged 1 commit intomasterfrom
yocto-guide-updates

Conversation

@vpetersson
Copy link
Contributor

@vpetersson vpetersson commented Mar 2, 2026

  • Add Release Management section with sbomify-action examples for both SPDX 2.2 and 3.0.1, including --augment and --enrich flags
  • Fix CI/CD section to distinguish SPDX 2.2 (.spdx.tar.zst) from SPDX 3.0.1 (.spdx.json) output and remove unnecessary extraction step
  • Update SPDX 3.0.1 size estimates from 50 MB to ~260 MB
  • Add notes about SPDX 2.2 producing hundreds of per-package SBOMs
  • Add SPDX 2.2 vs 3.0 FAQ entry
  • Link hierarchy support and SBOM signing to relevant pages
  • Remove em-dashes

@vpetersson @claude
Update Yocto guide with sbomify integration and accuracy fixes
ed49169 
- Add Release Management section with sbomify-action examples for both
  SPDX 2.2 and 3.0.1, including --augment and --enrich flags
- Fix CI/CD section to distinguish SPDX 2.2 (.spdx.tar.zst) from
  SPDX 3.0.1 (.spdx.json) output and remove unnecessary extraction step
- Update SPDX 3.0.1 size estimates from 50 MB to ~260 MB
- Add notes about SPDX 2.2 producing hundreds of per-package SBOMs
- Add SPDX 2.2 vs 3.0 FAQ entry
- Link hierarchy support and SBOM signing to relevant pages
- Remove em-dashes

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@vpetersson vpetersson merged commit e4b00c0 into master Mar 2, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@vpetersson