There's been some industry wide agreement on the taxonomy to use to classify tools here: https://www.ntia.gov/files/ntia/publications/ntia_sbom_tooling_taxonomy-2021mar30.pdf I think the path of least pain is to align with it, unless there are some tools that just don't fit in the taxonomy.
We've been collecting the tools we're aware of that work with SPDX, and grouped within the taxonomy here: http://tiny.cc/SPDX Which is an open for comments, so if you spot a tool that works with SPDX and you don't see it in the taxonomy, please fill in the template and add a comment. Jack's done a great job in moving what we've got in that document to our website. Long term solution here is to move this collection to SPDX's github and generate automatically via a landscape onto the web pages, but that's a WIP that Sebastian's helping us make real. That help? Kate On Wed, Nov 17, 2021 at 3:33 PM VM (Vicky) Brasseur via lists.spdx.org <[email protected]> wrote: > A taxonomy of this SSC ecosystem. I would like to have one, plz&thx. > > > > For instance, looking at this (very much work in progress, just noodling > about as I think about things) picture, those items in each of those long > lists aren’t equivalent. They fall into different categories of > functionality and come into play at different stages. > > > > Those categories/stages are the taxonomy I’m hoping someone else has > already created and published under a FOSS license so we can all play along > at home. 😊 > > > > My web searches aren’t turning anything up on this one. Do any of you know > whether this exists already? > > > > --V > > > > -- > > VM (Vicky) Brasseur > > Director, Senior Strategy Advisor > > Open Source Program Office > > Wipro Limited > > Time Zone: Pacific/West Coast US > > > 'The information contained in this electronic message and any attachments > to this message are intended for the exclusive use of the addressee(s) and > may contain proprietary, confidential or privileged information. If you are > not the intended recipient, you should not disseminate, distribute or copy > this e-mail. Please notify the sender immediately and destroy all copies of > this message and any attachments. WARNING: Computer viruses can be > transmitted via email. The recipient should check this email and any > attachments for the presence of viruses. The company accepts no liability > for any damage caused by any virus transmitted by this email. > www.wipro.com' > > > -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#1474): https://lists.spdx.org/g/spdx/message/1474 Mute This Topic: https://lists.spdx.org/mt/87130279/21656 Group Owner: [email protected] Unsubscribe: https://lists.spdx.org/g/spdx/leave/2655439/21656/1698928721/xyzzy [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
