
SBOM Manipulation Tooling - 2023 Secure Open Source Software Summit Item

Open idunbarh opened this issue 2 years ago • 3 comments

During the 2023 OpenSSF Secure Open Source Software Summit, an action item was created to help open source and standardize simple SBOM manipulation tooling. A timetable was also proposed.

  • Requirements 4m (possible connection with EU)
    • Collect requirements on what this tooling should and should not do
  • Tooling survey/donation +4m
    • Several companies stated they were maintaining private tooling with this functionality
    • This is an opportunity to survey the community for private tooling and determine if entities can donate a project(s)
  • Consolidation +4m
    • Once the existing options are identified, let's consolidate these donated projects into a cohesive tool or tools
    • Create consistent documentation and examples
  • User education / adoption for these new capabilities.

To support the requirements phase, I started a Google Doc.

idunbarh, Sep 26 '23 17:09

A new organization called bomctl for existing capability to be consolidated into a single project.

  • https://github.com/bomctl/bomctl

idunbarh, Jan 11 '24 03:01

I am interested in moving some projects to a known org: https://github.com/opensbom-generator/ particularly https://github.com/opensbom-generator/sbom-composer with maybe a rewrite.

nishakm, Jan 12 '24 16:01

For those who would like to participate in a working meeting to work through the requirements and consolidation, this Doodle was created to capture a time to meet.

idunbarh, Feb 15 '24 16:02