generate sbom for c++ project that use custom make file #1374
Comments
|
Hi, could you tell us a bit more about this project? You don't need to use cmake to use syft. You can invoke syft from your build process. If you can show us what you've tried so far, we can help you get going. |
tgerla
added
question
|
@tgerla i have legacy code that can’t change make procedures on it. |
|
I think you could add the syft commands to your script in the root of the project, after the "make" steps? I apologize if I am not understanding fully. Feel free to show the script you're using and we can try to help further. |
|
I also spoke to my engineering team about your question and I got a few more details. Syft won't actually detect any packages on a basic C++ project unless you are using the Conan package manager (https://conan.io/). However, you can create an SBOM manually and include it in your project, and Syft can find that and use it to populate the final results. I hope this helps--feel free to join our Slack to chat with us, if you would like! |
|
@tgerla would please tell me in simple scenario i have one directory that contain one make file. |
|
Hi @mehrdad2000, sorry I am not a Conan expert and I'm not sure it's applicable to your project. I just know that Syft can use it as a data source to look for 3rd party C++ packages if your project already uses it to organize dependencies. Think of Conan as NPM for C++, for instance. Maybe we could take a step back? It sounds like you are trying to create an SBOM for your own project, right? Does your project contain 3rd party C++ dependencies? What is your goal for the SBOM? |
|
We'll go ahead and close this issue, but feel free to re-open or open another one if you need additional help. We are also available in our Slack channel if you'd like to chat. Thanks! |
Hi
have an c++ project that use custom make file to build.
How can I create sbom for this project?
FYI: I don't want to use Cmake.
Any Idea?
Thanks
The text was updated successfully, but these errors were encountered: