Re: [spdx] SPDXID #spdx

Hi Gary, Thanks for reply, then SPDXID will be mostly internal ID and can not be referenced externally, Do you think this might need some change in SPDXID documentation statement  ? "Uniquely identify any element in an SPDX document which may be referenced by other elements. These may be

[spdx] VEX integration in SPDX #spdx

Hi , Is there any roadmap to integrate VEX to  with SPDX ? Or is there already way in current SPDX specification to integrate vulnerability information ? Regards Sandeep -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#1528):

[spdx] SPDX and NTIA SBOM Minimum elements #spdx

Hi , Is there any document reference which can be used to see mapping between SPDX tags and  NTIA Minimum elements ? Some element names can be easily confused , something like "Author of SBOM Data" in NTIA Minimum elements and "Creator" tag in SPDX are those same ? Regards Sandeep

Re: [spdx] SPDX and NTIA SBOM Minimum elements #spdx

lists.spdx.org<mailto:spdx@lists.spdx.org> mailto:spdx@lists.spdx.org>> On Behalf Of Patil, Sandeep via lists.spdx.org Sent: Monday, May 16, 2022 12:10 PM To: spdx@lists.spdx.org<mailto:spdx@lists.spdx.org> Subject: [spdx] SPDX and NTIA SBOM Minimum elements #spdx Hi , Is there any docum

[spdx] SPDXID #spdx

Hi , I have query regarding SPDXID , Can this be expressed along with CPE or pURL something like "SPDXRef-[cpe id]"   or  "SPDXRef-[pURL]" Any further guidance on this will help. Regards Sandeep -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online

[spdx] License Type for Commercial Components #spdx

Hi , What is the license type that needs be used in spdx for 3 rd parties with proprietary licenses (e.g., Microsoft)? Regards Sandeep -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#1540): https://lists.spdx.org/g/spdx/message/1540 Mute This

[spdx] End Of Life Tag in spdx #spdx

Hi All, We have requirement to specify End Of Life as part of package information in SBoM , Is there way current SPDX format support this ? Regards Sandeep -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#1509):

[spdx] SPDX Signing #spdx

Hi All, Is there any guidelines to sign SPDX file ? Regards Sandeep -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#1578): https://lists.spdx.org/g/spdx/message/1578 Mute This Topic: https://lists.spdx.org/mt/92889362/21656 Mute

[spdx] SPDXMerge Tool #spdx

Hi All, We are excited to announce that we have open sourced our SBoM Merge tool on GitHub. This tool allows you to merge multiple Software Bills of Materials (SBOMs) into a single SBOM file in SPDX format. It provides shallow and deep merge options. This can help you gain a comprehensive view

Re: [spdx-tech] Python SPDX lib user needed...

Hi All, Please count me as well, I can contribute in development. Regards Sandeep From: Spdx-tech@lists.spdx.org On Behalf Of Alexios Zavras via lists.spdx.org Sent: Wednesday, May 11, 2022 12:33 AM To: Spdx-tech@lists.spdx.org Subject: [spdx-tech] Python SPDX lib user needed... You don't