Issue 137 covers one of the topics discussed at the 3/23 serialization subteam meeting. It proposes that a serialization model be defined, and that checksums/hashes be serialized as readably in JSON a

Dear SPDX Community, We've put together an overview of how things have changed from SPDX 1.0 to SPDX 2.3, and from 2.3 to 3.0. Could you take a look? Best regards, OpenChain JWG SBOM SG(Taima Toru and

Hello spdx-team, I am interested in contributing to the tools-python project in the spdx organization but during setting up my development environment I am unable to install all the required libraries

Reminder: SPDX tech team meeting When: Tuesday, March 21, 2023 11:00am to 12:30pm (UTC-05:00) America/Chicago Where: https://zoom.us/j/663426859 Organizer: Kate Stewart kstewart@... View Event Descrip

At the SPDX Serialisation Meeting 2023-03-16: Sean presented a deck of slides that he and Alexios had created to explain concepts relating to JSON-LD and RDF with regard to SPDX. The presentation cove

I want to contribute in https://github.com/opensbom-generator/parsers project. I would love to have some suggestions and things I need to mention in my proposal. This project seems very interesting to

Team In generating SBOMs, I am encountering a lot of issues with licence information obtained from either ecosystem meta data or actual source files most do not appear to be using SPDX license identif

Dear SPDX tech communities, Thank you for providing a lot of useful documents about SPDX! We, OpenChain Japan SBOM-sg members, illustrated the v2.3 JSON schema a little easier to see. https://qiita.co

Hi all, we just released v0.7.1 of the tools-python! Best, Meret

Reminder: SPDX tech team meeting When: Tuesday, March 14, 2023 11:00am to 12:30pm (UTC-05:00) America/Chicago Where: https://zoom.us/j/663426859 Organizer: Kate Stewart kstewart@... View Event Descrip

FYI: Update an update today from Allan Friedman re: CISA SBOM activities – see email below. NOTE from Allan: As a reminder, CISA facilitates these open discussions, but the participants shape the agen

Serialization subteam members: Alexios contributed a toy example JSON file for Issue #89, which illustrates both the correspondence and the difference between any Set class defined in a logical model

https://github.com/ossf/wg-vulnerability-disclosures/issues/125 This video leaves me questioning where Microsoft stands on OpenVEX. Art Manion’s, description of the CISA process is worth listening to:

Just an FYI: Both Willian and I work on the CISA ICT_SCRM Task Force SW Assurance Work Stream, which is developing guidance for Federal Procurement Offers with regard to OMB M-22-18 and EO 14028. Toda

Hi guys, I am Banula Kumarage. I am interested in contributing to the "SPDX License Submission Online Tool - increase functionality" through GSOC 2023. I have given a brief intro about myself in the g

Hi everyone! As every year, Google runs their Summer of Code program, where contributors get the opportunity to become part of Open Source communities. The SPDX Project has participated in the program

Hi everyone, We have updated the SPDX license list version in scancode-toolkit to the newly released version 3.20, and this is also updated and available at scancode-licensedb.aboutcode.org. This will

Chris DeRusha, US Federal CIO at OMB mentions SBOM as part of the forthcoming CISA self-attestation form required under OMB M-22-18: “The Secure Software Development Framework is a fantastic framework

Reminder: SPDX tech team meeting When: Tuesday, March 7, 2023 11:00am to 12:30pm (UTC-06:00) America/Chicago Where: https://zoom.us/j/663426859 Organizer: Kate Stewart kstewart@... View Event Descript

Hi All, Since we recently prepared the build profiles PR https://github.com/spdx/spdx-3-model/pull/91, the main bulk of discussions will be happening in the spdx-tech group. We will put the monday mee