Thank you Kiet. Glad to see your interest in the project and welcome to the community.
Apart from, of course, the SPDX specs themselves at: https://spdx.github.io/spdx-spec/v3.0.1/ https://spdx.github.io/spdx-spec/v3.1-dev/ There are repos that you may find useful for the GSoC project: 1. The conformance checker itself https://github.com/spdx/ntia-conformance-checker This will be the main repo for conformance checker work. Online tools will call this as a library. 2. The SPDX 3.0/3.1 model https://github.com/spdx/spdx-3-model/ SPDX 3.1 model is currently in development, with release candidate 1 3. SPDX 3 python binding https://github.com/spdx/spdx-python-model Python programmatic use of SPDX 3.0 (and future 3.1) will be done through this. If we want to add SPDX 3.1 support, this could be a repo to contribute to. (as the current conformance checker is implemented in Python 4. Online tools https://github.com/spdx/spdx-online-tools/ Web UI that wrap the conformance checker 5. OpenChain Telco SBOM validator https://github.com/OpenChain-Project/Telco-WG/tree/main/tools/openchain_telco_sbom_validator Since we are going to reference a conformance standard from OpenChain, it might be useful to see their reference implementation (of a related conformance standard). One improvement that we can get more focus on is probably around the correctness according to SPDX 3. You can see that in https://github.com/spdx/ntia-conformance-checker/blob/main/ntia_conformance_checker/spdx3_utils.py - there are several conformance checks for the SPDX 3.0 spec itself. This requires the reading of the SPDX 3 spec and converting their conformance requirement points to code. As the OpenChain AI SBOM does not yet provide details in terms of minimum elements as we were expecting, so maybe it's a bit of a moving target. Instead, one area we can also try is to see how we can support the new NTIA minimum elements (2025 draft) and probably initial support of SPDX 3.1 (release candidate 1) https://github.com/spdx/ntia-conformance-checker/issues/305 I would also recommend potential contributors to read contributor reports from GSoC 2022 and 2025 at: https://github.com/spdx/ntia-conformance-checker/wiki cheers, Art -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#6125): https://lists.spdx.org/g/Spdx-tech/message/6125 Mute This Topic: https://lists.spdx.org/mt/118443721/21656 Group Owner: [email protected] Unsubscribe: https://lists.spdx.org/g/Spdx-tech/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
