-
Notifications
You must be signed in to change notification settings - Fork 298
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for CMake as a package manager #2031
Comments
Maybe we should have a look how https://github.com/swinslow/cmake-spdx for ideas how to implement this. See also this related talk https://fosdem.org/2021/schedule/event/automating_creation_of_spdx_sbom/ |
@tsteenbe pointed out a new tool that we might be able to use here, https://github.com/trailofbits/it-depends, quote:
|
I'd be interested in an analyzer for CMake projects as well. The paper at https://arxiv.org/pdf/2209.02575.pdf claims that "CCScanner" (https://github.com/lkpsg/ccscanner) also supports scanning CMakeLists.txt files. So maybe that is another candidate for a tool that could be used here. |
If you want to use ORT with CMake project we recommend to use ORT helper CLI to generate an ORT analyzer file from package flat-list as was introduced in bcaddf4#diff-41c5b84b6d482e514d89dc61e0b0b2a0e8ba236f9a63054c5f862db269cc0af7. Example file can be found here helper-cli/src/funTest/assets/package-list.yml and to generate ORT analyzer file use See also the slides of the "Producing SBOMs for CMAKE projects using ORT's standard workflow" presentation from EPAM (@fviernau) and Zeiss at the ORT Community Days 2024 |
Closed as part of backlog grooming. Feel free to comment if you would like to contribute to this. |
Check whether cmake-file-api is suitable for gathering the necessary meta-data.
See here for a related question on StackOverflow.
The text was updated successfully, but these errors were encountered: