From 376fe1eac3c708c384b1d95b0add1d6432658533 Mon Sep 17 00:00:00 2001 From: Sebastian Ziebell Date: Mon, 6 May 2024 15:42:18 +0200 Subject: [PATCH] Add 'sbom' section to unstable features doc --- src/doc/src/reference/unstable.md | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/src/doc/src/reference/unstable.md b/src/doc/src/reference/unstable.md index d1ee3f9f09df..d2ee09d7165b 100644 --- a/src/doc/src/reference/unstable.md +++ b/src/doc/src/reference/unstable.md @@ -73,6 +73,7 @@ For the latest nightly, see the [nightly version] of this page. * [public-dependency](#public-dependency) --- Allows dependencies to be classified as either public or private. * [msrv-policy](#msrv-policy) --- MSRV-aware resolver and version selection * [precise-pre-release](#precise-pre-release) --- Allows pre-release versions to be selected with `update --precise` + * [sbom](#sbom) --- Generates SBOM pre-cursor files for compiled artifacts * Output behavior * [out-dir](#out-dir) --- Adds a directory where artifacts are copied to. * [Different binary name](#different-binary-name) --- Assign a name to the built binary that is separate from the crate name. 
@@ -377,6 +378,29 @@ It's possible to update `my-dependency` to a pre-release with `update -Zunstable This is because `0.1.2-pre.0` is considered compatible with `0.1.1`. It would not be possible to upgrade to `0.2.0-pre.0` from `0.1.1` in the same way. +## sbom +* Tracking Issue: [#13709](https://github.com/rust-lang/cargo/pull/13709) +* RFC: [#3553](https://github.com/rust-lang/rfcs/pull/3553) + +The `sbom` build config allows to generate so-called SBOM pre-cursor files +alongside each compiled artifact. A Software Bill Of Material (SBOM) tool can +incorporate these generated files to collect important information from the cargo +build process that are difficult or impossible to obtain in another way. + +To enable this feature either set the `sbom` field in the `.cargo/config.toml` + +```toml +[build] +sbom = true +``` + +or set the `CARGO_BUILD_SBOM` environment variable to `true`. The functionality +is available behind the flag `-Z sbom`. + +The generated output files are in JSON format and follow the naming scheme +`.cargo-sbom.json`. The JSON file contains information about dependencies, +target, features and the used `rustc` compiler. + ## build-std * Tracking Repository:
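Review bot: in the feature-list hunk (`@@ -73,6 +73,7`), the new `sbom` entry is added directly after `precise-pre-release`, in the group that ends just above "Output behavior", although its description says it generates files for compiled artifacts. Consider moving it under "Output behavior" next to `out-dir`, or saying why it belongs in the current group. The entry also spells the word "pre-cursor"; "precursor" is the usual spelling, and the same word appears again in the new `## sbom` section, so both should be changed together.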
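Review bot: in the `## sbom` hunk (`@@ -377,6 +378,29`), the "Tracking Issue" bullet is labelled `#13709` but links to `https://github.com/rust-lang/cargo/pull/13709`, which is a pull request URL; link the actual tracking issue, or relabel the bullet until one exists. The enabling instructions are also ambiguous: the text says to set `sbom = true` or `CARGO_BUILD_SBOM`, and only afterwards that "the functionality is available behind the flag `-Z sbom`", without stating that the flag has to be passed in addition to the config setting. Say that explicitly and show one complete invocation. The naming scheme is given as `.cargo-sbom.json` with no artifact part, which does not match "alongside each compiled artifact"; if the file name is meant to include the artifact name, spell out the placeholder. Since the section is aimed at SBOM tool authors, "information about dependencies, target, features and the used `rustc` compiler" would be more useful with the field names or a short sample of the JSON. Wording: "allows to generate" should be "allows generating", and "information ... that are" should be "information ... that is".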