[OE-core][PATCH v11 0/4] SPDX 3.0 SBOM enrichment and compliance improvements

[stondo@gmail.com]

From: Stefano Tondo <stefano.tondo.ext@siemens.com>

This series enhances SPDX 3.0 SBOM generation with enriched
metadata and compliance-oriented controls for current master.

Compared with v10, this series has been rebased on top of current
master after Joshua's related changes landed upstream. The merged or
superseded pieces have been dropped, leaving the four still-relevant
patches below.

Changes since v10:

  - Rebased onto current master.
  - Dropped patches now merged or superseded upstream.
  - Restored the current recipe/build SPDX task split after rebase.
  - Updated the remaining selftests to use the current builds/ output
    paths.
  - Revalidated the source-download enrichment tests requested by
    Richard Purdie and Mathieu Dubois-Briand.

Validated with:

  oe-selftest -r \
    spdx.SPDX30Check.test_packageconfig_spdx \
    spdx.SPDX30Check.test_download_location_defensive_handling \
    spdx.SPDX30Check.test_version_extraction_patterns

Stefano Tondo (4):
  spdx30: Add configurable file exclusion pattern support
  spdx30: Add supplier support for image and SDK SBOMs
  spdx30: Enrich source downloads with version and PURL
  oeqa/selftest: Add tests for source download enrichment

 meta/classes-recipe/cargo_common.bbclass |   3 +
 meta/classes-recipe/cpan.bbclass         |  11 +
 meta/classes-recipe/go-mod.bbclass       |   6 +
 meta/classes-recipe/npm.bbclass          |   7 +
 meta/classes-recipe/pypi.bbclass         |   6 +-
 meta/classes/create-spdx-3.0.bbclass     |  17 ++
 meta/classes/spdx-common.bbclass         |   7 +
 meta/lib/oe/spdx30_tasks.py              | 279 +++++++++++++++++------
 meta/lib/oeqa/selftest/cases/spdx.py     | 104 +++++++--
 9 files changed, 345 insertions(+), 95 deletions(-)

-- 
2.53.0