I've been using the SPDX Online Tools recently to Validate and Convert. However, when an error or an exception is being thrown by the tool, understanding of the nature of the issue has not been clear

We’ve great presentations planned for Thursday and the July meeting. Note, due to the the first week of July being a big vacation week in the US, we’ll push the July meeting a week to July 13. Today’s

Hello Everyone, Consolidation of the SBOM market space continues at pace with this announcement of Ion Channel being acquired by Exiger. https://www.linkedin.com/posts/bob-kolasky-92ab554_exiger-acqui

Meeting Time: Thurs, May 4, 8am PT / 10 am CT / 11am ET / 15:00 UTC. http://www.timeanddate.com/worldclock/converter.html Conf call dial-in: Join the meeting: https://meet.jit.si/SPDXGeneralMeeting To

Thank you Jean, I have added your name to the growing list of parties that have expressed an interest in joining this collaboration. FYI: I’ve also reached out to ITI and BSA to collaborate on this. I

Hello Everyone, CISA is seeking comments on their proposed self-attestation form for OMB M-22-18 and EO 14028. Is there any interest in doing a joint comment filing to CISA? Please respond to this ema

I'm seeing a good response so far. Hoping to reach 100 small and medium businesses providing software to the US Government sign-on to this collaborative joint filing effort before the filing deadline

Dear all, I have relished the intellectual company of the SPDX community. There has been no other open source community that I have felt more welcomed in, nor one that shows so much potential for the

All, It hit me, out of the blue when I awoke this morning, that in Thursday’s General Meeting I neglected to mention and give thanks to May Wang for her contributions in serving on the Steering Commit

Google have opened their deps.dev API, covering dependencies, license information and vulnerabilities. Right now, it's open and free to use – you don't even need an API key. Blog post here: https://se

Hey all, If anyone happens to be using or familiar with Microsoft's vcpkg tool (using it to manage dependencies for a C++ project), do you know if there's a way to generate an SBOM from it? Their late

SBOMs in the Windows supply chain, an SPDX success story - Joe Bussell, Microsoft Abstract: Joe will discuss the implementation of validation of SBOMs representing software packages in the Windows sof

we are experiencing technical difficulties, but everyone is rejoining at https://meet.jit.si/SPDXGeneralMeeting - so please try again

Hi All, We are excited to announce that we have open sourced our SBoM Merge tool on GitHub. This tool allows you to merge multiple Software Bills of Materials (SBOMs) into a single SBOM file in SPDX f

Looks like GitHub has a self-service option to create SBOMs for a GitHub Project based on SPDX! See this blog from them. Best Regards, Jack Manbeck Outreach Chair

Hi everyone! As every year, Google runs their Summer of Code program, where contributors get the opportunity to become part of Open Source communities. The SPDX Project has participated in the program

All, I feel like I'm missing something obvious here, but which SBOM generators actually generate SPDX SBOMs that (1) have refID's for the overall asset (documentDescribes), and (2) have package depend

https://www.whitehouse.gov/wp-content/uploads/2023/03/National-Cybersecurity-Strategy-2023.pdf Note references to SBOM and NIST/CISA role in driving regulations. Thanks, Dick Brooks Active Member of t

Hello all, Max Huber of TNG Technology Consulting will be presenting on Thursday: In this presentation, Max will give a brief update of the recentdevelopment in the Python Tools. It went through a hug

Hi All, There has been a small discrepancy in the SPDX 2.2 JSON schema and the SPDX spec for a while: the 2.2 spec indicates External Reference Category should have a value of: SECURITY | PACKAGE-MANA