From f4d15f4c7e2a1510204839a2da8b3cd028f11d26 Mon Sep 17 00:00:00 2001
From: Andrei Gherzan <andrei.gherzan@huawei.com>
Date: Fri, 25 Nov 2022 20:53:03 +0000
Subject: [PATCH] SQUASH: SBOMs

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>
---
 releases/2.0/2.0.0/ip_compliance_note.rst | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/releases/2.0/2.0.0/ip_compliance_note.rst b/releases/2.0/2.0.0/ip_compliance_note.rst
index 77c4e8d..d0a19cf 100644
--- a/releases/2.0/2.0.0/ip_compliance_note.rst
+++ b/releases/2.0/2.0.0/ip_compliance_note.rst
@@ -39,6 +39,27 @@ In the such dashboard, also CVE information (collected at the time of the
 commit) is shown and can be filtered based on target machines, images and
 single components.
 
+Last but not least, we provide reference SPDX SBoM of source packages used to
+build oniro-base-image and zephyr-philosophers images for a selection of
+supported target machines (qemu, raspberrypi4, arduino-nano-33ble), generated
+by continuous compliance pipelines. They are provided as a convenience only,
+with no express warranty or implied about the accuracy and completeness of the
+information contained therein (see the disclaimers below):
+
+============================= ====== ============ =================== ===================
+SBoM                          kernel toolchain(s) machine(s)          image
+============================= ====== ============ =================== ===================
+`linux-qemu`_                 linux  gcc,clang    qemu\*              oniro-image-base
+`linux-raspberrypi4`_         linux  gcc,clang    raspberrypi4-64     oniro-image-base
+`zephyr-qemu`_                zephyr gcc          qemu\*              zephyr-philosophers
+`zephyr-arduino-nano-33-ble`_ zephyr gcc          arduino-nano-33-ble zephyr-philosophers
+============================= ====== ============ =================== ===================
+
+.. _linux-qemu: https://gitlab.eclipse.org/eclipse/oniro-compliancetoolchain/mirrors/oniro-goofy/-/jobs/167524/artifacts/download
+.. _linux-raspberrypi4: https://gitlab.eclipse.org/eclipse/oniro-compliancetoolchain/mirrors/oniro-goofy/-/jobs/167525/artifacts/download
+.. _zephyr-qemu: https://gitlab.eclipse.org/eclipse/oniro-compliancetoolchain/mirrors/oniro-goofy/-/jobs/167526/artifacts/download
+.. _zephyr-arduino-nano-33-ble: https://gitlab.eclipse.org/eclipse/oniro-compliancetoolchain/mirrors/oniro-goofy/-/jobs/167527/artifacts/download
+
 *Disclaimer#1*: This is not legal advice. This note is provided just as a
 convenience for you, to suggest some critical areas in which you should seek
 legal advice if you want to develop real-world products based on Oniro. It is
-- 
GitLab