Re: SPDX Generator with RefIDs and package hierarchy
Richard,
REA has effectively used SPDX and CycloneDX SBOM formats to conduct software supply chain risk assessments since 2021. I suggest using the latest SPDX SBOM version, 2.3.

Thanks,
Dick Brooks
Active Member of the CISA Critical Manufacturing Sector, Sector Coordinating Council – A Public-Private Partnership
Never trust software, always verify and report! ™
http://www.reliableenergyanalytics.com
Email: dick@...
Tel: +1 978-696-1788

-----Original Message-----
From: spdx@... <spdx@...> On Behalf Of Richard Hughes
Sent: Thursday, March 16, 2023 11:57 AM
To: spdx@...
Subject: Re: [spdx] SPDX Generator with RefIDs and package hierarchy

On Thu, 16 Mar 2023 at 14:40, <daniel@...> wrote:
> but we're also looking to support SPDX as well.

Is SPDX actually useful as an SBoM specification? I tried to add support into uSWID a few months ago and it was totally underspecified compared to SWID.

Richard.