Dear all, Recently the SPDX License Diff browser extension has ceased to work for me. Selecting a piece of text and running the plugin displays the 'Processing...' progress bar, but no report is produ

God,.....

Reminder: SPDX tech team meeting When: Tuesday, December 27, 2022 11:00am to 12:30pm (UTC-06:00) America/Chicago Where: https://zoom.us/j/663426859 Organizer: Kate Stewart kstewart@... View Event Desc

Steve is the Architect of CycloneDX SBOM and the very useful Dependency Track Tool. REA uses Dependency Track to monitor for new vulnerabilities in SAG-PM, which is then used to update the “living” SA

Kate, REA has successfully tested the Daggerboard SPDX SBOM and has created a baseline NIST Vulnerability Disclosure Report based on the SBOM provided. Any chance we could get the Daggerboard authors

Greetings everyone, we would like to inform you that the next regular sync for the development of the SPDX Python tools will be held on January 12th at the usual time of 4:30pm GMT (here is the link a

Reminder: SPDX tech team meeting When: Tuesday, December 20, 2022 11:00am to 12:30pm (UTC-06:00) America/Chicago Where: https://zoom.us/j/663426859 Organizer: Kate Stewart kstewart@... View Event Desc

Hello SPDX tech community members, As in the presentation at the SPDX mini-summit at Yokohama Japan with Kate-san , Brandon-san and Gopi-san, I’ve discussing about proposals about Usage Profile in the

Greetings SPDX tech community, With the holidays approaching at the end of this month, we will be cancelling the SPDX tech call for the last Tuesday of this month (December 27th). We will have our reg

Some thoughts from today's model discussion: 1) Boxes in the model have names and definitions. Definitions must be captured correctly, names are just labels, not things that we reason about to drive d

Reminder: SPDX tech team meeting When: Tuesday, December 13, 2022 11:00am to 12:30pm (UTC-06:00) America/Chicago Where: https://zoom.us/j/663426859 Organizer: Kate Stewart kstewart@... View Event Desc

I attended a meeting in Washington this past week and it’s very clear that people are confused over VEX. Today, I read an article that confirms this confusion over VEX so I wrote a small piece that cl

Hi SPDX legal and tech teams, I’m cross-posting this for wider visibility as some of this impacts both teams: In regard to legal team meetings for the rest of 2022: we will have our regularly schedule

Greetings tech team, I just got caught up on adding our core team minutes to the meetings repo. Those of you on the call, please review and add comments /suggestions for anything we missed – especiall

Eliot, I agree, the BSA letter wasn’t as critical of SBOM as the ITI letter. I’m thinking all of this may be moot now that the State Department Evolve RFP removed all doubt about expectations regardin

Hello everyone, I've got a question regarding the SPDX id of packages, files or snippets. According to spec the format must be "SPDXRef-[idstring]" for tag-value, but rdf in addition has a namespace b

Hi there, This is a question regarding LicenseRefs, specifically for the PackageLicenseDeclared field. Tern is a tool that can generate SPDX documents for containers. When we are collecting license in

Gentlemen, I just wanted to commend you for your honest and accurate analysis of the state of SBOM today in this video: https://www.youtube.com/watch?v=Yu9-_0Dmvjk I was not aware that Google is also

I think there is some confusion about that letter. Nowhere does it say that "SBOM is bad". The concern is that Congress would specify one way of doing things, the military another, and DISA yet a thir