Hi All, Sorry for getting on the call late. For comment: https://github.com/ion-channel/SEVA We recently released this Spec.
SEvA is specification for encapsulating software supply chain metadata and delivering with a clear and concise schema for parsing using automation. The SEvA definition is divided into several sections. There is a brief description of each section listed below. Our clients would like all evidence to be portable so it can move with a piece of software thru an organization. We could talk about it next month ------------------------------------------- John Scott, President, Ion Channel 240.401.6574 @johnmscott < [email protected] > www.ionchannel.io [image: Inline image 1] *Software Supply Chain Intelligence* On May 3, 2018 at 11:51:32 AM, [email protected] ( [email protected]) wrote: Send Spdx mailing list submissions to [email protected] To subscribe or unsubscribe via the World Wide Web, visit https://lists.spdx.org/mailman/listinfo/spdx or, via email, send a message with subject or body 'help' to [email protected] You can reach the person managing the list at [email protected] When replying, please edit your Subject line so it is more specific than "Re: Contents of Spdx digest..." Today's Topics: 1. May SPDX General Meeting Minutes (Phil Odence) ---------------------------------------------------------------------- Message: 1 Date: Thu, 3 May 2018 15:51:26 +0000 From: Phil Odence <[email protected]> To: "[email protected]" <[email protected]> Subject: May SPDX General Meeting Minutes Message-ID: <[email protected]> Content-Type: text/plain; charset="utf-8" https://wiki.spdx.org/view/General_Meeting/Minutes/2018-05-03 General Meeting/Minutes/2018-05-03 < General Meeting<https://wiki.spdx.org/view/General_Meeting>? | Minutes< https://wiki.spdx.org/view/General_Meeting/Minutes> ? Attendance: 12 ? Lead by Phil Odence ? Minutes of April meeting approved Contents [hide<https://wiki.spdx.org/view/General_Meeting/Minutes/2018-05-03>] ? 1 Guest Presentation, Automating Governance with SPDX- Yev Bronshteyn< https://wiki.spdx.org/view/General_Meeting/Minutes/2018-05-03#Guest_Presentation.2C_Automating_Governance_with_SPDX-_Yev_Bronshteyn> ? 2 Tech Team Report - Kate/Gary< https://wiki.spdx.org/view/General_Meeting/Minutes/2018-05-03#Tech_Team_Report_-_Kate.2FGary> ? 3 Outreach Team Report - Jack< https://wiki.spdx.org/view/General_Meeting/Minutes/2018-05-03#Outreach_Team_Report_-_Jack> ? 4 Legal Team Report - Paul< https://wiki.spdx.org/view/General_Meeting/Minutes/2018-05-03#Legal_Team_Report_-_Paul> ? 5 Attendees< https://wiki.spdx.org/view/General_Meeting/Minutes/2018-05-03#Attendees> Guest Presentation, Automating Governance with SPDX- Yev Bronshteyn[edit< https://wiki.spdx.org/index.php?title=General_Meeting/Minutes/2018-05-03&action=edit§ion=1>] ? Variant on Leadership Summit Presentation ? Don?t need to define SPDX ? Will show product for illustrative purposes ? Governance Today ? Different formats for BoMs ? Challenges ? Manually updating ? Compliance Management ? Requires consistent tooling ? Goals using SPDX ? Automate BoM ? Automate Reporting ? Single format ? Illustration ? Replace disparate BoMs with SPDX versions ? Load into a single data store (example Apache Jena Fuseki ? Query with Sparql ? Demo ? Aggregating multiple BoMs ? Committing change to GItLab ? CI/CD- Build and Scan ? Generate new SPDX doc for changed project ? Sparql queries ? Policy checks ? Voila Tech Team Report - Kate/Gary[edit< https://wiki.spdx.org/index.php?title=General_Meeting/Minutes/2018-05-03&action=edit§ion=2>] ? Working on outstanding requests for 2.2 ? License expression features ? Handling cases of annotations and extensions to address ? 2.1.1 pdf ? Wrestling with tools a bit ? GoSoC ? Students and mentors in place ? Should be hearing from students during community bonding period ? Projects lined up ? Will present during General Meetings Outreach Team Report - Jack[edit< https://wiki.spdx.org/index.php?title=General_Meeting/Minutes/2018-05-03&action=edit§ion=3>] ? LinuxCon Vancouver ? Trying to organize ?back off? day before event starts ? Website: ? Still waiting on LF for moving Website to Wordpress ? Content ? Looking at a variety of ways ? Looking at audio/video recordings ? Could include monthly talks ? Yev volunteered to do his ? Looking for more people involvement in OTeam Legal Team Report - Paul[edit< https://wiki.spdx.org/index.php?title=General_Meeting/Minutes/2018-05-03&action=edit§ion=4>] ? Released latest rev of license list ? Kudos Jilayne and others ? Working out how to manage license submissions in new world ? GoSoC student working out automation Attendees[edit< https://wiki.spdx.org/index.php?title=General_Meeting/Minutes/2018-05-03&action=edit§ion=5>] ? Phil Odence, Black Duck/Synopsys ? Matthew Crawford, ARM ? Yev Bronshteyn, Black Duck/Synopsys ? Steve Billings, Black Duck/Synopsys ? Gary O?Neall, SourceAuditor ? Dave Marr, Qualcomm ? Jack Manbeck, TI ? Kate Stewart, Linux Foundation ? Steve Winslow, LF ? Paul Madick, Dimension Data ? Matije Suklje, LF ? John Scott, Ion Channel -------------- next part -------------- An HTML attachment was scrubbed... URL: < http://lists.spdx.org/pipermail/spdx/attachments/20180503/d3816c4f/attachment.html> ------------------------------ _______________________________________________ Spdx mailing list [email protected] https://lists.spdx.org/mailman/listinfo/spdx End of Spdx Digest, Vol 93, Issue 2 ***********************************
ii_1596f0ff17bb68f7
Description: Binary data
_______________________________________________ Spdx mailing list [email protected] https://lists.spdx.org/mailman/listinfo/spdx
