Hi everyone, I’m a final-year Computer Science and Engineering student at the University of Moratuwa. I am writing to introduce myself and express my interest in the SBOM conformance checker project for GSoC 2026.
I read Art’s recent note about the OpenChain AI SBOM being a moving target, and the pivot towards supporting the new NTIA/CISA minimum elements (2025 draft) and initial SPDX 3.1 RC1 support (Issue #305). I am already familiar with the project's architecture. Last month, I had the pleasure of working with Art on PR #352, where we added a Pytest robustness test suite to validate the parser against real-world, non-conformant SPDX datasets. I really appreciated the guidance on SPDX conventions (like the CC0-1.0 data license requirement) during that PR, and it made me eager to dive deeper into the codebase. Beyond my open-source work, I use Python heavily in my day-to-day including R&D internship at Synopsys, where I build Generative AI architectures and multi-agent systems for EDA tools. I have reviewed the GSoC 2022 and 2025 contributor reports, as well as the current implementation in spdx3_utils.py. I am currently drafting my proposal with a focus on implementing the CISA 2025 draft requirements. Are there any specific edge cases in the 2025 draft or the SPDX 3.1 Python bindings that the team would like me to prioritize in my timeline? Looking forward to getting more involved! Best regards, Induwara Gunasena, https://github.com/InduwaraGunasena -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#2146): https://lists.spdx.org/g/spdx/message/2146 Mute This Topic: https://lists.spdx.org/mt/118603003/21656 Group Owner: [email protected] Unsubscribe: https://lists.spdx.org/g/spdx/leave/2655439/21656/1698928721/xyzzy [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
