You're welcome.
You will most likely need SPDX V2.3 if you have any "FILE" components that need to specify version info. The new PackagePurpose field supports the version info for "FILE" artifacts. Thanks, Dick Brooks Active Member of the CISA Critical Manufacturing Sector, Sector Coordinating Council - A Public-Private Partnership <https://reliableenergyanalytics.com/products> Never trust software, always verify and report! T <http://www.reliableenergyanalytics.com/> http://www.reliableenergyanalytics.com Email: <mailto:[email protected]> [email protected] Tel: +1 978-696-1788 From: [email protected] <[email protected]> On Behalf Of Patil, Sandeep via lists.spdx.org Sent: Monday, May 16, 2022 12:31 PM To: [email protected] Subject: Re: [spdx] SPDX and NTIA SBOM Minimum elements #spdx Thanks you Dick, This is useful From: [email protected] <mailto:[email protected]> <[email protected] <mailto:[email protected]> > On Behalf Of Dick Brooks via lists.spdx.org Sent: Monday, May 16, 2022 9:54 PM To: [email protected] <mailto:[email protected]> Subject: Re: [spdx] SPDX and NTIA SBOM Minimum elements #spdx You don't often get email from [email protected] <mailto:[email protected]> . Learn why this is important <https://aka.ms/LearnAboutSenderIdentification> Caution: This e-mail originated from outside of Philips, be careful for phishing. NTIA Framing document has the mapping you seek: see page 13 https://www.ntia.gov/files/ntia/publications/ntia_sbom_framing_2nd_edition_2 0211021.pdf <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ntia. gov%2Ffiles%2Fntia%2Fpublications%2Fntia_sbom_framing_2nd_edition_20211021.p df&data=04%7C01%7C%7Cecc96fa9016a4d4c57e608da37587fc5%7C1a407a2d76754d178692 b3ac285306e4%7C0%7C0%7C637883151047766796%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC 4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=5J%2Fc 7O6jhAnb1zBjo5S4UKAFek8RQH1gxO1E8SnaJAk%3D&reserved=0> However the "EO 14028 NTIA min element list is a little different from the framing document list (see attached) Thanks, Dick Brooks Active Member of the CISA Critical Manufacturing Sector, Sector Coordinating Council - A Public-Private Partnership <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Freliablee nergyanalytics.com%2Fproducts&data=04%7C01%7C%7Cecc96fa9016a4d4c57e608da3758 7fc5%7C1a407a2d76754d178692b3ac285306e4%7C0%7C0%7C637883151047766796%7CUnkno wn%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI 6Mn0%3D%7C3000&sdata=qmTHu0hxZ4kx9ONXtcgisUvElz7KkKEcShLmgpBOpmw%3D&reserved =0> Never trust software, always verify and report! T <https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.reliab leenergyanalytics.com%2F&data=04%7C01%7C%7Cecc96fa9016a4d4c57e608da37587fc5% 7C1a407a2d76754d178692b3ac285306e4%7C0%7C0%7C637883151047766796%7CUnknown%7C TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0% 3D%7C3000&sdata=obh62iY2l2cVi53lffObqfK0B3mQ7fSVsYIQzWMVk6I%3D&reserved=0> http://www.reliableenergyanalytics.com Email: <mailto:[email protected]> [email protected] Tel: +1 978-696-1788 From: [email protected] <mailto:[email protected]> <[email protected] <mailto:[email protected]> > On Behalf Of Patil, Sandeep via lists.spdx.org Sent: Monday, May 16, 2022 12:10 PM To: [email protected] <mailto:[email protected]> Subject: [spdx] SPDX and NTIA SBOM Minimum elements #spdx Hi , Is there any document reference which can be used to see mapping between SPDX tags and NTIA Minimum elements ? Some element names can be easily confused , something like "Author of SBOM Data" in NTIA Minimum elements and "Creator" tag in SPDX are those same ? Regards Sandeep _____ The information contained in this message may be confidential and legally protected under applicable law. The message is intended solely for the addressee(s). If you are not the intended recipient, you are hereby notified that any use, forwarding, dissemination, or reproduction of this message is strictly prohibited and may be unlawful. If you are not the intended recipient, please contact the sender by return e-mail and destroy all copies of the original message. -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#1516): https://lists.spdx.org/g/spdx/message/1516 Mute This Topic: https://lists.spdx.org/mt/91143408/21656 Mute #spdx:https://lists.spdx.org/g/spdx/mutehashtag/spdx Group Owner: [email protected] Unsubscribe: https://lists.spdx.org/g/spdx/leave/2655439/21656/1698928721/xyzzy [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
