Add documentation for SBOM#676
Open
yogeshhegde wants to merge 4 commits intoTexasInstruments:masterfrom
Open
Conversation
github-actions
bot
assigned
bryanbrattlof,
DhruvaG2000,
jeevantelukula and
sskartheekadivi
|
New warnings found with rstcheck: |
1 similar comment
|
New warnings found with rstcheck: |
|
New warnings found with rstcheck: |
yogeshhegde
requested review from
StaticRocket,
VeeruPrudhvi,
cshilwant,
gehariprasath,
jeevantelukula,
praneethbajjuri and
uditkumarti
as code owners
yogeshhegde
force-pushed
the
sbom
branch
2 times, most recently
from
16bcbfe to
5732a1e
Compare
|
New warnings found with rstcheck: |
Add release artefacts SBOM information for AM64X,AM62X,AM62PX and AM62LX devices. Signed-off-by: Yogesh Hegde <y-hegde@ti.com>
yogeshhegde
force-pushed
the
sbom
branch
2 times, most recently
from
9338c00 to
b9ad5de
Compare
cshilwant
requested changes
Apr 16, 2026
| @@ -0,0 +1,178 @@ | |||
| .. _how-to-work-with-sbom: | |||
Member
There was a problem hiding this comment.
This newly added section doesn't seem to follow the guidelines of section headers
https://github.com/TexasInstruments/processor-sdk-doc?tab=contributing-ov-file#headings--sections
Contributor
Author
There was a problem hiding this comment.
Fixed.
But few questions,
- Why do we follow Python Developer's Guide for documenting , what benefits do we get by following this guide just for heading ?
- rst does not put any limitations on the section headers, the doc says whatever we encounter 1st is h1 and so on.
- Since for h1 and h2 the characters underlining are different why do we need an overline just for h1 and h2 ? Since it is just for aesthetic purposes why not overline for all or no overline for all? Why not simplify and use one format for headings?
- I see alot of
.rstfiles not following the format, is there a plan to fix those documents?
Member
There was a problem hiding this comment.
- That's the one highlighted by sphinx in their documentation - https://www.sphinx-doc.org/en/master/usage/restructuredtext/basics.html#sections
- Yeah, that's a known issue. Infact that inconsistency led to encorfing this under Contribution guidelines - https://github.com/TexasInstruments/processor-sdk-doc?tab=contributing-ov-file#headings--sections. There were internal jira tickets created for few of those inconsistent rst files but later most of them were fixed by @StaticRocket, @praneethbajjuri and myself in past. Feel free to submit a patch incase you happen to see any rst's still having inconsistent usage of section headers.
| SPDX 3.0 is generated by default when building |__SDK_FULL_NAME__| Yocto, no extra steps required. | ||
| If you require additional vulnerability information, follow these steps: | ||
|
|
||
| 1. Add the following line to your ``local.conf``: |
Member
There was a problem hiding this comment.
role file can be used to highlight the same
Suggested change
| 1. Add the following line to your ``local.conf``: | |
| 1. Add the following line to your :file:`local.conf`: |
Contributor
Author
There was a problem hiding this comment.
What is the difference between
``local.conf``
&
:file:`local.conf`
How is it rendered different to the user?
Member
There was a problem hiding this comment.
In Sphinx (& reStructuredText), these 2 syntaxes serve different semantic purposes, even if they sometimes look similar in the final output. Think of it as the difference between "just some code / variable" and "specifically a file."
:file: role specifically for filenames and paths. It tells Sphinx (& the reader) exactly what the data is.
In terms of rendering, both usually result in a monospaced (fixed-width) font but the way they appear can vary based on the theme you are using
cshilwant
reviewed
Apr 16, 2026
| 1. Start with the build instructions in :ref:`Processor SDK - Building the SDK with Yocto <building-the-sdk-with-yocto>` | ||
| 2. After cloning ``oe-layersetup``, uncomment the ``meta-cyclonedx`` line in | ||
| the layer configuration file, for example: | ||
|
|
Member
There was a problem hiding this comment.
Any reasons we aren't pushing a new oe-config file to oe-layersetup dedicated for SBOMs?
We can avoid the following manual local changes & improve the user experience
Contributor
Author
There was a problem hiding this comment.
Here are few reasons,
- CycloneDX SBOM is not default format for SBOM, but there might be some users who want to use the format.
- Duplication of oe-config, there are 4 oe-config for 12.00.00 release, creating new oe-config just for cyclonedx would take that number to 8 since we have to give each oe-config with SPDX and CycloneDX SBOM generation.
- 8 oe-config will lead to more user confusion instead of improving user experience because for users who just want sane defaults they will be confused which oe-config to use.
- oe-layersetup does not allow us to
include files / config fragments, while kas (yaml) and repo (xml) both have include files feature where we can create fragments and user can include/exclude fragments enabling/disabling features. This would simplify both maintenance and improve user experience.
With these constraints, I believe this is the best course, since it is just uncommenting a line for the user and they also see less oe-configs.
Member
There was a problem hiding this comment.
I agree with this approach for the 12.0 release. Since we are still in the evaluation phase for SBOMs, it makes sense to avoid config bloat and keep the user experience simple for now.
However, SBOMs are the way to go in the future. Moving forward, we should look into how we can incorporate them into the default SDK build flow...
Add How to guide for working with SBOM's with sections * Generating SBOM in SPDX and CycloneDX format * Tools and references for Working with SBOM i.e visualizing, merging, modifying SBOMs Signed-off-by: Yogesh Hegde <y-hegde@ti.com>
Add link to working with SBOM in release specific section Signed-off-by: Yogesh Hegde <y-hegde@ti.com>
Add release artefacts SBOM information to release notes for AM62DX device. Signed-off-by: Yogesh Hegde <y-hegde@ti.com>
Member
There was a problem hiding this comment.
Could you use auto-numbered lists for this instead of manual numbering?
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
8 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
feat(linux): Add how to guide for working with SBOMs
Add How to guide for working with SBOM's with sections
modifying SBOMs
feat(linux): Add SBOM section to release notes
Add release artefacts SBOM information for AM64X,AM62X,AM62PX and AM62LX
devices.
Doc Link - https://yogeshhegde.github.io/processor-sdk-doc/processor-sdk-linux-AM62LX/esd/docs/master/linux/How_to_Guides/FAQ/How_to_work_with_SBOM.html