Hi, Try Export SBOM at: https://github.com/nexB/license-expression/network/dependencies Best regards, Marc-Etienne

We raised the first issue with them yesterday and they are working on it. Do you have more detail on the second? Get Outlook for iOS

Hi, I did some quick tests. I always get invalid SPDX, mostly with “Empty license expression” and “No SPDX element found for SPDX ID” flagged by the validator. Does anyone know where

This is awesome thank you Sandeep! Joseph D. Silvia Director Software Quality Training and Consulting Oriel STAT A MATRIX|Improving Workplace Performance Since 1968 1055 Thomas Jefferson St. NW,

Thanks Sandeep, Excellent contribution to the community! Gary

Looks like GitHub has a self-service option to create SBOMs for a GitHub Project based on SPDX! See this blog from them. Best Regards, Jack Manbeck Outreach Chair

Thanks Sandeep, Excellent contribution to the community! Gary

Thanks Sandeep, Excellent contribution to the community! Gary

Thanks Sandeep, Excellent contribution to the community! Gary

Thanks Sandeep, Excellent contribution to the community! Gary

Hi Sandeep, Very cool! FYI, This is very similar to a tool Ivana and I recently developed and donated to the opensbom org:https://github.com/opensbom-generator/sbom-composer😊 -Rose

Very cool Sandeep! Thanks for sharing this!

Hi All, We are excited to announce that we have open sourced our SBoM Merge tool on GitHub. This tool allows you to merge multiple Software Bills of Materials (SBOMs) into a single SBOM file in SPDX

Hello all, Akshat this side. It's great to see SPDX again in the GSoC 2023! I am looking to contribute to Specification Generator I have gone through the SPEC Parser repository. Kindly help me get

I honestly thought the original question was about SPDX's format itself and not about tools used in certain situations. From my side tern does a good job in generating SPDX docs for

Hi Daniel, I’m not sure I agree if you include commercial and open source tools. If you’re generating the information primarily from package manifests, there are a few tools out there that

Richard, REA has effectively used SPDX and CycloneDX SBOM formats to conduct software supply chain risk assessments since 2021. I suggest using the latest SPDX SBOM version, 2.3. Thanks, Dick

Is SPDX actually useful as an SBoM specification? I tried to add support into uSWID a few months ago and it was totally underspecified compared to SWID. Richard.

So just to confirm with the community: There is no single generator that can generate SPDX SBOMs, with dependency hierarchies, across different ecosystems (Python, Go, etc.) and for both containers &

Daniel Have a look at SBOM4Python which generates an SBOM for an installed python module including all of its dependencies (direct or indirect). And look at SBOM2dot which generates a DOT file for