02-29-2024 01:08 AM
I am using LabVIEW 2019 to generate application code for my medical device. Please guide me on how to generate an SBOM for the project.
02-29-2024 09:27 AM
https://www.google.com/search?q=SBOM&rlz=1C1GCEV_en&sourceid=chrome&ie=UTF-8
-AK2DM
02-29-2024 09:37 AM
I have been told that the ability to create an SBOM is being actively worked on by NI. It is becoming a requirement for military-related customers. I have no clue on timeline, but it is a priority for NI.
02-29-2024 02:14 PM
I have code that was not specifically designed for this, but it likely is close to meeting the requirements for it.
It's in a few different parts.
Part 1 gets a list of every dependency file on disk as best as it can. It starts with this, passing in a reference to the Main VI:
There's some parsing after that to make sure all members of a class are included, to make sure "nested" files are reduced to just their on-disk files (i.e. members of LLB and LVLIBP files), and so on. It also makes sure to get any project files or other related files.
Part 2 checks source control status of all files. Some files are excluded (vi.lib files mostly) as they are not expected to be in source control. Everything that is in source control must be committed in its current form, i.e. there are no changes on your local PC not in source control.
Part 3 then checks source control to get the complete path to each file and the revision of that file you have on your local disk. This is because it's possible you're not using the most recent version of some files in your repository, either because someone else made changes that you didn't want to add in just yet, or perhaps you're not using the main trunk of some of your files for whatever reason.
Part 4 is something I haven't added to my process yet because I trust my source control, but if I wanted to be absolutely sure I would record the date/time stamps, file size, file version, and a SHA256 checksum of every file so it could be checked later to be sure a VI.lib file didn't get swapped out.
Combine all the results from the parts into a list of files, paths in your source repo, and the data from part 4, and hopefully that would qualify.
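The Part 4 integrity record described in the post above, as an added example that is not part of the original post or of any NI tooling: a Python script that records size, timestamp and SHA-256 for each dependency file and later reports any file that no longer matches. It assumes the Part 1 file list is available as plain on-disk paths; the function names and sample file names are hypothetical, and the LabVIEW file version field is left out because reading it needs LabVIEW itself.

```python
import hashlib, json, os, tempfile
from datetime import datetime, timezone

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large binaries do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(paths):
    """Record size, mtime (UTC) and SHA-256 for each dependency file."""
    manifest = {}
    for p in sorted(paths):
        st = os.stat(p)
        manifest[p] = {
            "size": st.st_size,
            # Informational only: a changed mtime alone is not proof of a swap.
            "mtime_utc": datetime.fromtimestamp(st.st_mtime, timezone.utc).isoformat(),
            "sha256": sha256_file(p),
        }
    return manifest

def verify_manifest(manifest):
    """Return {path: reason} for every file that no longer matches."""
    problems = {}
    for p, rec in manifest.items():
        if not os.path.isfile(p):
            problems[p] = "missing"
        elif os.path.getsize(p) != rec["size"]:
            problems[p] = "size changed"
        elif sha256_file(p) != rec["sha256"]:
            problems[p] = "content changed"
    return problems

def demo():
    """Constructed sample: two stand-in files, one swapped after recording."""
    with tempfile.TemporaryDirectory() as d:
        a, b = os.path.join(d, "Main.vi"), os.path.join(d, "Helper.vi")
        for path, data in ((a, b"main-v1"), (b, b"help-v1")):
            with open(path, "wb") as f:
                f.write(data)
        manifest = build_manifest([a, b])
        with open(b, "wb") as f:
            f.write(b"help-v2")  # same size, different content
        return {os.path.basename(k): v for k, v in verify_manifest(manifest).items()}

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Storing the manifest as JSON alongside the source-control revisions from Part 3 gives one record per file that can be re-checked at any later build.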
03-12-2024 11:22 PM
Thank you very much for your reply.