Digital signatures are essential for ensuring document integrity. Given the critical role of Software Bill of Materials (SBOMs) in providing software component information, signing SBOMs with tools like GPG or Cosign is crucial. To facilitate verification, we need to determine the appropriate location within the SPDX format to incorporate these signatures. Does an SPDX-formatted SBOM support fields for storing these signatures?
