Dear spdx-tech members,

I hope this message finds you well. I am Kobota from the OpenChain Project SBOM WG. Over the past year, our group has been discussing what quality means for SBOM Documents and JSON files shared among different entities in the software supply chain, and we'd like to publish a guide on the subject soon.

https://docs.google.com/document/d/1iuXX8j10N70dfce1-CZFWhW6S2jEqc--flcCgXMMdjg/edit?usp=sharing

The guide is expected to cover the following:

* Recommendations that not only list the key items in an SBOM Document but also specify the appropriate value details for each.
* Common scenarios encountered when transferring SBOM Documents and best practices for addressing them.
* A mapping table that aligns various legal and guideline requirements with the items specified in the SBOM format.
* A collection of practical JSON samples reflecting the above.

At this stage, the mapping table has been completed for NTIA, CISA, BSI, and OpenChain Telco.

I understand everyone is busy, but I would greatly appreciate it if you could take a moment to review the material and share your thoughts or suggestions.

Thank you very much for your time and support.

Best regards,
Kobota
OpenChain Project SBOM WG

View/Reply Online (#6025): https://lists.spdx.org/g/Spdx-tech/message/6025
