Commit 0aa10e9

Add 'sbom' section to unstable features doc
1 parent 37506b2 commit 0aa10e9

1 file changed

+24
-0
lines changed

src/doc/src/reference/unstable.md

+24
@@ -73,6 +73,7 @@ For the latest nightly, see the [nightly version] of this page.
7373
* [public-dependency](#public-dependency) --- Allows dependencies to be classified as either public or private.
7474
* [msrv-policy](#msrv-policy) --- MSRV-aware resolver and version selection
7575
* [precise-pre-release](#precise-pre-release) --- Allows pre-release versions to be selected with `update --precise`
76+
* [sbom](#sbom) --- Generates SBOM pre-cursor files for compiled artifacts
7677
* Output behavior
7778
* [out-dir](#out-dir) --- Adds a directory where artifacts are copied to.
7879
* [Different binary name](#different-binary-name) --- Assign a name to the built binary that is separate from the crate name.
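Review bot: In the added `sbom` entry of the feature list, "pre-cursor" should be spelled "precursor". Use the same spelling in the new `## sbom` section so the index entry and the section text agree.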
@@ -377,6 +378,29 @@ It's possible to update `my-dependency` to a pre-release with `update -Zunstable
377378
This is because `0.1.2-pre.0` is considered compatible with `0.1.1`.
378379
It would not be possible to upgrade to `0.2.0-pre.0` from `0.1.1` in the same way.
379380

381+
## sbom
382+
* Tracking Issue: [#13709](https://github.com/rust-lang/cargo/pull/13709)
383+
* RFC: [#3553](https://github.com/rust-lang/rfcs/pull/3553)
384+
385+
The `sbom` build config allows to generate so-called SBOM pre-cursor files
386+
alongside each compiled artifact. A Software Bill Of Material (SBOM) tool can
387+
incorporate these generated files to collect important information from the cargo
388+
build process that are difficult or impossible to obtain in another way.
389+
390+
To enable this feature either set the `sbom` field in the `.cargo/config.toml`
391+
392+
```toml
393+
[build]
394+
sbom = true
395+
```
396+
397+
or set the `CARGO_BUILD_SBOM` environment variable to `true`. The functionality
398+
is available behind the flag `-Z sbom`.
399+
400+
The generated output files are in JSON format and follow the naming scheme
401+
`<artifact>.cargo-sbom.json`. The JSON file contains information about dependencies,
402+
target, features and the used `rustc` compiler.
403+
380404
## build-std
381405
* Tracking Repository: <https://github.com/rust-lang/wg-cargo-std-aware>
382406
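Review bot: The "Tracking Issue" bullet at the top of the new `## sbom` section links to `https://github.com/rust-lang/cargo/pull/13709`, which is a pull request URL; either point it at the tracking issue or relabel the bullet. The enabling paragraph also leaves it unclear whether `-Z sbom` must be passed in addition to the `sbom` config field or `CARGO_BUILD_SBOM`; say so explicitly and show one full invocation, because an SBOM tool that finds no `<artifact>.cargo-sbom.json` files will produce an incomplete inventory without any error. Wording: "allows to generate" reads better as "allows generating", "Software Bill Of Material" is normally written "Software Bill of Materials", and "information ... that are difficult" should be "that is difficult".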
