Re: SPDX and NTIA SBOM Minimum elements #spdx


Patil, Sandeep
 

Thanks you Dick, This is useful

 

From: spdx@... <spdx@...> On Behalf Of Dick Brooks via lists.spdx.org
Sent: Monday, May 16, 2022 9:54 PM
To: spdx@...
Subject: Re: [spdx] SPDX and NTIA SBOM Minimum elements #spdx

 

Caution: This e-mail originated from outside of Philips, be careful for phishing.

 

NTIA Framing document has the mapping you seek: see page 13

https://www.ntia.gov/files/ntia/publications/ntia_sbom_framing_2nd_edition_20211021.pdf

 

However the “EO 14028 NTIA min element list is a little different from the framing document list (see attached)

 

 

Thanks,

 

Dick Brooks

 

Active Member of the CISA Critical Manufacturing Sector,

Sector Coordinating Council – A Public-Private Partnership

 

Never trust software, always verify and report!

http://www.reliableenergyanalytics.com

Email: dick@...

Tel: +1 978-696-1788

 

From: spdx@... <spdx@...> On Behalf Of Patil, Sandeep via lists.spdx.org
Sent: Monday, May 16, 2022 12:10 PM
To: spdx@...
Subject: [spdx] SPDX and NTIA SBOM Minimum elements #spdx

 

Hi , 
Is there any document reference which can be used to see mapping between SPDX tags and  NTIA Minimum elements ?  
Some element names can be easily confused , something like "Author of SBOM Data" in NTIA Minimum elements and "Creator" tag in SPDX are those same ? 

Regards
Sandeep 



The information contained in this message may be confidential and legally protected under applicable law. The message is intended solely for the addressee(s). If you are not the intended recipient, you are hereby notified that any use, forwarding, dissemination, or reproduction of this message is strictly prohibited and may be unlawful. If you are not the intended recipient, please contact the sender by return e-mail and destroy all copies of the original message.

Join spdx@lists.spdx.org to automatically receive all group messages.