Interested in SBOM? Registration open for SPDX DocFest on Jan 27th


 

From Rose Judge over on the SPDX list:

SPDX is hosting another DocFest on January 27th from 7-11 AM PST. The purpose of this event is to bring together producers and consumers of SPDX documents and discuss differences between tool output and understanding for the same software artifacts.

Specifically, the goals of this DocFest are to:
1) come to agreement on how the fields should be populated for a given artifact
2) identify instances where different use cases might lead to different choices for fields and structures of documents
3) assess how well the NTIA SBOM minimum elements are covered
4) create a set of reference SPDX SBOMs as part of the corpus for further tooling evaluation.

This event will require "sweat equity" – participants who can produce SPDX documents are expected to have generated at least one SPDX document from the target set (either source, built from source, built image or container equivalent). Participants who consume SPDX documents are expected to run at least two SPDX documents through their tooling and share any analysis results. Those who have signed up and have submitted files by January 21, 2022 will receive a meeting invite to the DocFest.

To indicate interest to participate, please fill in the following form:
https://forms.gle/Mq7ReinTY6gDL4cs9

Join main@lists.openchainproject.org to automatically receive all group messages.