Hello spdx-team, I am interested in contributing to the tools-python project in the spdx organization but during setting up my development environment I am unable to install all the required libraries

Reminder: SPDX tech team meeting When: Tuesday, March 21, 2023 11:00am to 12:30pm (UTC-05:00) America/Chicago Where: https://zoom.us/j/663426859 Organizer: Kate Stewart kstewart@... View Event Descrip

At the SPDX Serialisation Meeting 2023-03-16: Sean presented a deck of slides that he and Alexios had created to explain concepts relating to JSON-LD and RDF with regard to SPDX. The presentation cove

I want to contribute in https://github.com/opensbom-generator/parsers project. I would love to have some suggestions and things I need to mention in my proposal. This project seems very interesting to

Team In generating SBOMs, I am encountering a lot of issues with licence information obtained from either ecosystem meta data or actual source files most do not appear to be using SPDX license identif

Dear SPDX tech communities, Thank you for providing a lot of useful documents about SPDX! We, OpenChain Japan SBOM-sg members, illustrated the v2.3 JSON schema a little easier to see. https://qiita.co

Hi all, we just released v0.7.1 of the tools-python! Best, Meret

Reminder: SPDX tech team meeting When: Tuesday, March 14, 2023 11:00am to 12:30pm (UTC-05:00) America/Chicago Where: https://zoom.us/j/663426859 Organizer: Kate Stewart kstewart@... View Event Descrip

FYI: Update an update today from Allan Friedman re: CISA SBOM activities – see email below. NOTE from Allan: As a reminder, CISA facilitates these open discussions, but the participants shape the agen

Serialization subteam members: Alexios contributed a toy example JSON file for Issue #89, which illustrates both the correspondence and the difference between any Set class defined in a logical model

https://github.com/ossf/wg-vulnerability-disclosures/issues/125 This video leaves me questioning where Microsoft stands on OpenVEX. Art Manion’s, description of the CISA process is worth listening to:

Just an FYI: Both Willian and I work on the CISA ICT_SCRM Task Force SW Assurance Work Stream, which is developing guidance for Federal Procurement Offers with regard to OMB M-22-18 and EO 14028. Toda

Hi guys, I am Banula Kumarage. I am interested in contributing to the "SPDX License Submission Online Tool - increase functionality" through GSOC 2023. I have given a brief intro about myself in the g

Hi everyone! As every year, Google runs their Summer of Code program, where contributors get the opportunity to become part of Open Source communities. The SPDX Project has participated in the program

Hi everyone, We have updated the SPDX license list version in scancode-toolkit to the newly released version 3.20, and this is also updated and available at scancode-licensedb.aboutcode.org. This will

Chris DeRusha, US Federal CIO at OMB mentions SBOM as part of the forthcoming CISA self-attestation form required under OMB M-22-18: “The Secure Software Development Framework is a fantastic framework

Reminder: SPDX tech team meeting When: Tuesday, March 7, 2023 11:00am to 12:30pm (UTC-06:00) America/Chicago Where: https://zoom.us/j/663426859 Organizer: Kate Stewart kstewart@... View Event Descript

Hi All, Since we recently prepared the build profiles PR https://github.com/spdx/spdx-3-model/pull/91, the main bulk of discussions will be happening in the spdx-tech group. We will put the monday mee

Hi all, how does one express "a release package was packaged by packaging-tool"? I learned that a build tool is a package. Hence, I assume that a "package tool" would probably also be a package. That

I have created Issue #94 https://github.com/spdx/spdx-3-model/issues/94 to describe my rationale for using the name Identity as the type of the createdBy property. The name should be chosen to best al