- Taxonomy of software supply chain ecosystem?
Re: Taxonomy of software supply chain ecosystem?
There's been some industry wide agreement on the taxonomy to use to classify tools here: https://www.ntia.gov/files/ntia/publications/ntia_sbom_tooling_taxonomy-2021mar30.pdf
I think the path of least pain is to align with it, unless there are some tools that just don't fit in the taxonomy.
We've been collecting the tools we're aware of that work with SPDX, and grouped within the taxonomy here: http://tiny.cc/SPDX
Which is open for comments, so if you spot a tool that works with SPDX and you don't see it in the taxonomy, please fill in the template and add a comment. Jack's done a great job in moving what we've got in that document to our website.
Long-term solution here is to move this collection to SPDX's GitHub and generate automatically via a landscape onto the web pages, but that's a WIP that Sebastian's helping us make real.
A taxonomy of this SSC ecosystem. I would like to have one, plz&thx.
For instance, looking at this (very much work in progress, just noodling about as I think about things) picture, those items in each of those long lists aren’t equivalent. They fall into different categories of functionality and come into play at different stages.
Those categories/stages are the taxonomy I’m hoping someone else has already created and published under a FOSS license so we can all play along at home.
My web searches aren’t turning anything up on this one. Do any of you know whether this exists already?
VM (Vicky) Brasseur
Director, Senior Strategy Advisor
Open Source Program Office
Time Zone: Pacific/West Coast US