Please Join Us In The January 2022 SPDX Community SBOM DocFest
The Linux Foundation | 12 January 2022
SPDX was designed for tools to produce and consume SBOM documents. A decade of experience has shown us that tools may interpret fields differently: a file may be a syntactically valid SPDX SBOM, but different tools may fill in different values.
By coming together as a community to examine the output of multiple tools and to compare/contrast the results, we can refine the guidance to tool vendors and improve the robustness of the ecosystem sharing SPDX documents. Historically, these events were called Bake-offs, but we’ve evolved them into “DocFests.”
After a successful SPDX 2.2 DocFest in September of 2021, the SPDX community has decided to host another DocFest on January 27th from 7-11 AM PST. The purpose of this event is to bring together producers and consumers of SPDX documents to discuss differences in tool output and in understanding of the same software artifacts.
Specifically, the goals of this DocFest are to:
- Come to agreement on how the fields should be populated for a given artifact
- Identify instances where different use cases might lead to different choices for fields and structures of documents
- Assess how well the NTIA SBOM minimum elements are covered
- Create a set of reference SPDX SBOMs as part of the corpus for further tooling evaluation
This event will require “sweat equity” – participants who can produce SPDX documents are expected to have generated at least one SPDX document from the target set (either source, built from source, or an image/container equivalent). Participants who consume SPDX documents are expected to run at least two SPDX documents through their tooling and share any analysis results.
Those who have signed up and have submitted files by January 21, 2022, will receive a meeting invite to the DocFest.
To indicate interest in participating, please fill in the following form no later than January 16, 2022: https://forms.gle/Mq7ReinTY6gDL4cs9