|
End Of Life Tag in spdx
#spdx
Steve, Regarding: “I have no opinion on end-of-life either way, but wouldn’t the same argument apply to security vulnerabilities?” Yes, if a software vendor chooses to list each known vulnerability wi
Steve, Regarding: “I have no opinion on end-of-life either way, but wouldn’t the same argument apply to security vulnerabilities?” Yes, if a software vendor chooses to list each known vulnerability wi
|
By
Dick Brooks
· #1525
·
|
|
End Of Life Tag in spdx
#spdx
Armijn said: > Current information inside SPDX documents is largely static […] > This would make SPDX a lot more cumbersome, as not only do the documents need to be generated, but they also need to be
Armijn said: > Current information inside SPDX documents is largely static […] > This would make SPDX a lot more cumbersome, as not only do the documents need to be generated, but they also need to be
|
By
Steve Kilbane
· #1524
·
|
|
End Of Life Tag in spdx
#spdx
I agree: “I would suggest to keep this information "out of band" and not inside SPDX documents” Thanks, Dick Brooks Active Member of the CISA Critical Manufacturing Sector, Sector Coordinating Council
I agree: “I would suggest to keep this information "out of band" and not inside SPDX documents” Thanks, Dick Brooks Active Member of the CISA Critical Manufacturing Sector, Sector Coordinating Council
|
By
Dick Brooks
· #1523
·
|
|
End Of Life Tag in spdx
#spdx
hello, I would suggest to keep this information "out of band" and not inside SPDX documents. Current information inside SPDX documents is largely static: package, license, checksum, and so on. Of cour
hello, I would suggest to keep this information "out of band" and not inside SPDX documents. Current information inside SPDX documents is largely static: package, license, checksum, and so on. Of cour
|
By
Armijn Hemel - Tjaldur Software Governance Solutions
· #1522
·
|
|
SPDXID
#spdx
Hi Sandeep, Although the SPDX ID is internal to SPDX documents, you can refer to an SPDX ID in a different document using the SPDX Document identifier as defined in section 6.6. So the statement below
Hi Sandeep, Although the SPDX ID is internal to SPDX documents, you can refer to an SPDX ID in a different document using the SPDX Document identifier as defined in section 6.6. So the statement below
|
By
Gary O'Neall
· #1521
·
|
|
SPDXID
#spdx
Hi Gary, Thanks for reply, then SPDXID will be mostly internal ID and can not be referenced externally, Do you think this might need some change in SPDXID documentation statement ? "Uniquely identify
Hi Gary, Thanks for reply, then SPDXID will be mostly internal ID and can not be referenced externally, Do you think this might need some change in SPDXID documentation statement ? "Uniquely identify
|
By
Patil, Sandeep
· #1520
·
|
|
SPDXID
#spdx
Hi Sandeep – Moving the conversation over to the SPDX-tech mailing list. Unfortunately, adding in a CPE ID or pURL would include characters disallowed in the SPDX ID. Fortunately, there is a way to ex
Hi Sandeep – Moving the conversation over to the SPDX-tech mailing list. Unfortunately, adding in a CPE ID or pURL would include characters disallowed in the SPDX ID. Fortunately, there is a way to ex
|
By
Gary O'Neall
· #1518
·
|
|
SPDX and NTIA SBOM Minimum elements
#spdx
This is how Microsoft has approached this: https://devblogs.microsoft.com/engineering-at-microsoft/generating-software-bills-of-materials-sboms-with-spdx-at-microsoft/ The one thing I’d add is that ad
This is how Microsoft has approached this: https://devblogs.microsoft.com/engineering-at-microsoft/generating-software-bills-of-materials-sboms-with-spdx-at-microsoft/ The one thing I’d add is that ad
|
By
William Bartholomew (CELA)
· #1517
·
|
|
SPDX and NTIA SBOM Minimum elements
#spdx
You’re welcome. You will most likely need SPDX V2.3 if you have any “FILE” components that need to specify version info. The new PackagePurpose field supports the version info for “FILE” artifacts. Th
You’re welcome. You will most likely need SPDX V2.3 if you have any “FILE” components that need to specify version info. The new PackagePurpose field supports the version info for “FILE” artifacts. Th
|
By
Dick Brooks
· #1516
·
|
|
SPDX and NTIA SBOM Minimum elements
#spdx
Thanks you Dick, This is useful
Thanks you Dick, This is useful
|
By
Patil, Sandeep
· #1515
·
|
|
SPDX and NTIA SBOM Minimum elements
#spdx
NTIA Framing document has the mapping you seek: see page 13 https://www.ntia.gov/files/ntia/publications/ntia_sbom_framing_2nd_edition_20211021.pdf However the “EO 14028 NTIA min element list is a lit
NTIA Framing document has the mapping you seek: see page 13 https://www.ntia.gov/files/ntia/publications/ntia_sbom_framing_2nd_edition_20211021.pdf However the “EO 14028 NTIA min element list is a lit
|
By
Dick Brooks
· #1514
·
|
|
SPDX and NTIA SBOM Minimum elements
#spdx
Hi , Is there any document reference which can be used to see mapping between SPDX tags and NTIA Minimum elements ? Some element names can be easily confused , something like "Author of SBOM Data" in
Hi , Is there any document reference which can be used to see mapping between SPDX tags and NTIA Minimum elements ? Some element names can be easily confused , something like "Author of SBOM Data" in
|
By
Patil, Sandeep
· #1513
·
|
|
SPDXID
#spdx
Hi , I have query regarding SPDXID , Can this be expressed along with CPE or pURL something like "SPDXRef-[cpe id]" or "SPDXRef-[pURL]" Any further guidance on this will help. Regards Sandeep
Hi , I have query regarding SPDXID , Can this be expressed along with CPE or pURL something like "SPDXRef-[cpe id]" or "SPDXRef-[pURL]" Any further guidance on this will help. Regards Sandeep
|
By
Patil, Sandeep
· #1512
·
|
|
End Of Life Tag in spdx
#spdx
Kate and Sandeep, Our customers are also interested in this information. There are two concepts to consider: Commercial Status: <enumeration value="Available"></enumeration> <enumeration value="Retire
Kate and Sandeep, Our customers are also interested in this information. There are two concepts to consider: Commercial Status: <enumeration value="Available"></enumeration> <enumeration value="Retire
|
By
Dick Brooks
· #1511
·
|
|
End Of Life Tag in spdx
#spdx
Hi Sandeep, There is a pull request expected shortly from the Usage profile team, to add this specific field to 2.3. When it comes in, please feel free to review and make sure it's going to suffice fo
Hi Sandeep, There is a pull request expected shortly from the Usage profile team, to add this specific field to 2.3. When it comes in, please feel free to review and make sure it's going to suffice fo
|
By
Kate Stewart
· #1510
·
|
|
End Of Life Tag in spdx
#spdx
Hi All, We have requirement to specify End Of Life as part of package information in SBoM , Is there way current SPDX format support this ? Regards Sandeep
Hi All, We have requirement to specify End Of Life as part of package information in SBoM , Is there way current SPDX format support this ? Regards Sandeep
|
By
Patil, Sandeep
· #1509
·
|
|
#spdx #gsoc
#spdx
#gsoc
Hi Belen, Welcome to SPDX, We are glad you find our project idea interesting. Join the developers community on gitter at https://gitter.im/spdx-org/Lobby to discuss your ideas and questions. Best rega
Hi Belen, Welcome to SPDX, We are glad you find our project idea interesting. Join the developers community on gitter at https://gitter.im/spdx-org/Lobby to discuss your ideas and questions. Best rega
|
By
Krys Nuvadga
· #1235
·
|
|
#spdx #gsoc
#spdx
#gsoc
Hello! My name is Belen Guaranda. I am an undergraduate Computer Science student from Ecuador, in my last semester of studies. I am interested in working on the project "Develop a Distributed License
Hello! My name is Belen Guaranda. I am an undergraduate Computer Science student from Ecuador, in my last semester of studies. I am interested in working on the project "Develop a Distributed License
|
By
...
· #1234
·
|
|
[EXTERNAL] Re: [spdx-tech] [spdx] Need Help for contrubuting in GSOC 2019
#spdx
In addition to Java, we have quite a few tools written in Python. We just added libraries written in go. Gary
In addition to Java, we have quite a few tools written in Python. We just added libraries written in go. Gary
|
By
Gary O'Neall
· #1204
·
|
|
[EXTERNAL] Re: [spdx-tech] [spdx] Need Help for contrubuting in GSOC 2019
#spdx
Sure. Were just now starting the process of applying to Google for their Summer of Code 2019. If we do get awarded slots there is a specific process you must follow. I suggest you get signed up with t
Sure. Were just now starting the process of applying to Google for their Summer of Code 2019. If we do get awarded slots there is a specific process you must follow. I suggest you get signed up with t
|
By
Manbeck, Jack
· #1203
·
|