Which ESP-IDF version is supported by esp-idf-sbom? (IDFGH-10621)
andyn-ff opened this issue · 2 comments
I wanted to try out this new tool (I realise it is experimental at the moment), but I immediately get the error
E: Project description file "build/project_description.json" does not support SBOM generation. Please see the list of IDF versions supported by esp-idf-sbom.
This happens even if I create a sbom.yml file in the root of my project (using the example from the README). Maybe it is because the components in my project do not have manifest files too, or maybe it is dependent on manifest files in the ESP-IDF components.
Which ESP-IDF versions are intended to work with the esp-idf-sbom tool? I currently use v5.0.2.
Hi @andyn-ff. Thanks for trying and for the feedback. Are you able to try the latest version of the release/v5.0 branch? This is not supported in any of the released versions yet. We are gradually adding the functionality. I think some progress is already made in v5.0.3 but some were just merged only recently so they will be in v5.0.4 only. So it would be most up-to-date to try it in the release branch.
Hello @andyn-ff ,
thank you very much for trying this tool. As @dobairoland said, the change is merged in release/v5.0 branch, but after v5.0.2 was released.
$ git describe 9156bbb55c92
v5.0.2-284-g9156bbb55c92
There are two commits which are needed.
- tools: fix make_json_list to return empty json list for empty cmake list
- tools: extend information in project_description.json
It should be possible to cherry-pick them without any conflicts into released v5.0.2.
$ git cherry-pick 30735b33efabd6cf038bcb258b674cf828ad5ecf 9156bbb55c920d6704329975311c331b931ed6bc
Anyway you are of course right, the information about which versions are supported is missing. This is my mistake. I will use this issue to extend information about supported ESP-IDF versions in the README file.
Thank you very much!