Standard documents to share SBOM report among supply chain
Hi Dinesh!
== Everyone else ==
I advise everyone to check out the full discussion here:
== Back to Dinesh ==
We actually have a solution in the market that sounds like it suits your use-case of - basically - an Excel software bill of materials. It is called “SPDX Lite” and it is an optional component of SPDX 2.2. It was created by Japanese companies like Hitachi, Toshiba and Fujitsu for precisely the use case you mention.
You can read about it here:
It is very short, compact and effective for human readability.
On May 20, 2021, at 15:24, DR <email@example.com> wrote:
Hi Shane & all,
I have a question.
Are there standard documents required to share an SBOM containing OSS IP details for 2 main cases?
I searched here but am not sure where to get them. (Tracing a doc is a little tough.)
I raised a ticket here: https://github.com/OpenChain-Project/Reference-Material/issues/6
Please help if it's already there...