Hi,
Adoption of SPDX in the embedded space continues...
https://www.yoctoproject.org/2021-a-year-in-review/
"One key topic in the news is Software Bill of Materials (SBoM)
<https://www.linuxfoundation.org/press-release/linux-foundation-announces-software-bill-of-materials-sbom-industry-standard-research-training-and-tools-to-improve-cybersecurity-practices/>
so it is timely that in our last release, the project has added functionality
to natively generate SPDX manifests which meet the legislative requirements
and take auditing, license and supply chain management to the next level.
The project is a member and strong supporter of the SPDX
<https://spdx.dev/> project.
We have also continued to work on controlling our CVE counts both in
development and in the stable branches and improving our tools that monitor
this."
https://www.linux.com/topic/embedded-iot/enhancing-supply-chain-security-for-embedded-systems-renode-dashboard-for-zephyr-rtos-adds-new-software-bill-of-materials-sbom-capabilities-by-default/
"The Zephyr Project incorporated the ability to generate SBOMs
automatically during builds
<https://docs.zephyrproject.org/latest/guides/west/zephyr-cmds.html#software-bill-of-materials-west-spdx>
in 2021. This is done when building Zephyr executables using the *‘west spdx’*
command. West
<https://docs.zephyrproject.org/latest/guides/west/index.html> is Zephyr’s
meta-tool that supports the build infrastructure. There are multiple SBOMs
created (one for the Zephyr sources, one for the application sources, and
one for the built image) that will link back to all the dependencies in the
source files."
If others find reference to SPDX being used in projects, build
environments, etc. please share.
Thanks,
Kate