sbom-everywhere
sbom-everywhere copied to clipboard
ossf
Improve Software Bill of Materials (SBOM) tooling and training to encourage adoption
The link doesn't render correctly due to a curly end bracket being where a square end bracket should be (a typo).
Ref https://github.com/ossf/sbom-everywhere/blob/main/reference/sbom_naming.md > 2. Directory Structure: > > Store SBOM files in a dedicated directory, separate from the source code. This might be a top-level directory in the repository named...
During the meeting on 2024-03-12 a topic came up about how we could work together with other groups, especially government groups, to amplify what we are all doing. The notes...
Question that came up around adding SBOM checks to Scorecard. > How do we determine if the project should create an SBOM or not, depending on the type of release...
Here are the next steps for the naming document Send an email to the TAC mailing list asking for feedback (CC Ryan Ware) Give a specific date you expect feedback...
re: https://github.com/ossf/sbom-everywhere/blob/main/reference/sbom_naming.md to minimize guesswork and prevent false positives or negatives, can we harden the naming conventions to be more standardized and thus validate conformity with the expected format for...
There are several different ways to publish a module in the JS ecosystem for re-use elsewhere. Probably the most common by volume these days is modules published to npm in...
This question is related to #12 We claim in our goals and purpose that there are barriers to SBOM adoption. We should be more clear about this. Rather than just...
During the last [meeting](https://docs.google.com/document/d/1LS5PxWP4-dycCLCaZjf_DZtG-XJy2PUoq5jJQvDMQa8/edit#bookmark=id.m7o6vr5ptoom) it was pointed out that we don't have our goals and purpose clearly defined I did some digging, and realized we do have goals and purpose....