Thursday SPDX General Meeting Reminder

Phil Odence

Steve Winslow will present:


A Proof-of-concept for Generating an SPDX SBoM for CMake-based Projects.

I will discuss an experiment with leveraging the CMake file-based APIs to automatically create SPDX 2.2 SBoMs. The generated SBoM includes relationships to denote which source files were used as inputs for the corresponding build artifacts. I will present this in the context of the Zephyr project, an open source RTOS for embedded systems that leverages CMake. I will briefly discuss this proof-of-concept, some early results from it and thoughts for next steps.




Meeting Time: Thurs, March 4, 8am PT / 10 am CT / 11am ET / 15:00 UTC.

Conf call dial-in:

New dial in number: 415-881-1586

No PIN needed

The weblink for screenshare will stay the same at:


Administrative Agenda


Minutes Approva


CMake to SPDX - Steve


Technical Team Report – Kate/Gary/Others

  • Specification and Profiles
    • Overview
    • Core
    • Legal
    • Integrity
    • Defects
    • Usage and Other Emerging
  • Tooling


Legal Team Report – Jilayne/Paul/Steve


Outreach/Website Team Report – Jack