Re: SPDX and NTIA SBOM Minimum elements

Home Messages Hashtags Subgroups

#1517

Re: SPDX and NTIA SBOM Minimum elements
#spdx

William Bartholomew (CELA) #1517 This is how Microsoft has approached this: https://devblogs.microsoft.com/engineering-at-microsoft/generating-software-bills-of-materials-sboms-with-spdx-at-microsoft/ The one thing I’d add is that additional identifiers would be stored in External References. Regards, William Bartholomew (he/him) – Let’s chat Principal Security Strategist Global Cybersecurity Policy – Microsoft My working day may not be your working day. Please don’t feel obliged to reply to this e-mail outside of your normal working hours. From: spdx@... <spdx@...> On Behalf Of Dick Brooks via lists.spdx.org Sent: Monday, May 16, 2022 9:24 AM To: spdx@... Subject: [EXTERNAL] Re: [spdx] SPDX and NTIA SBOM Minimum elements #spdx NTIA Framing document has the mapping you seek: see page 13 https://www.ntia.gov/files/ntia/publications/ntia_sbom_framing_2nd_edition_20211021.pdf However the “EO 14028 NTIA min element list is a little different from the framing document list (see attached) Thanks, Dick Brooks Active Member of the CISA Critical Manufacturing Sector, Sector Coordinating Council – A Public-Private Partnership *Never trust software, always verify and report!* ™ http://www.reliableenergyanalytics.com Email: dick@... Tel: +1 978-696-1788 From: spdx@... <spdx@...> On Behalf Of Patil, Sandeep via lists.spdx.org Sent: Monday, May 16, 2022 12:10 PM To: spdx@... Subject: [spdx] SPDX and NTIA SBOM Minimum elements #spdx Hi , Is there any document reference which can be used to see mapping between SPDX tags and NTIA Minimum elements ? Some element names can be easily confused , something like "Author of SBOM Data" in NTIA Minimum elements and "Creator" tag in SPDX are those same ? Regards Sandeep
More All Messages By This Member

View All 5 Messages In Topic

#1517

Join spdx@lists.spdx.org to automatically receive all group messages.

Home Hashtags Subgroups Terms