CERTCC / SBOM

Examples and proof-of-concept for Software Bill of Materials (SBOM) code & data
MIT License

Health care POC phase-2 request for SPDX external reference to cross reference SBOMs. #6

Closed sei-vsarvepalli closed 3 years ago

sei-vsarvepalli commented 3 years ago

The Health care PoC has a work in progress of managing multiple SPDX SBOMs that can be cross-referenced using the SPDX See https://spdx.github.io/spdx-spec/7-relationships-between-SPDX-elements/

Section "7.1.4 Data Format" for referencing external SPDX documents using the format: ["DocumentRef-"[idstring]":"]SPDXID ["DocumentRef-"[idstring]":"]SPDXID | NONE | NOASSERTION, where "DocumentRef-"[idstring]":" is an optional reference to an external SPDX document as described in section 2.6.

From Ed Heierman (Abbott) with support from kstewart(at)linuxfoundation.org
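A consumer of cross-referenced SBOMs needs to confirm that every `DocumentRef-` prefix in a relationship is declared, that the referenced SBOM matches its recorded checksum, and that the target SPDXID exists in it. The sketch below is an added example, not code from this repository or the PoC; it assumes SPDX 2.x tag-value input with the SHA1 checksum form of `ExternalDocumentRef`, and the function name, `local_sboms` mapping and sample documents are constructed for illustration.

```python
import hashlib
import re

# Element reference: ["DocumentRef-"[idstring]":"]SPDXID, as quoted in the issue.
ELEMENT = re.compile(r"(?:(DocumentRef-[A-Za-z0-9.+-]+):)?(SPDXRef-[A-Za-z0-9.-]+)")
EXT_DOC = re.compile(r"ExternalDocumentRef:\s*(DocumentRef-[A-Za-z0-9.+-]+)\s+(\S+)\s+SHA1:\s*([0-9a-fA-F]{40})")
SPDXID = re.compile(rb"^SPDXID:[ \t]*(\S+)[ \t]*$", re.M)  # SPDXIDs defined in a document

def check_cross_refs(sbom_text, local_sboms):
    """List problems in cross-document relationships.
    local_sboms (hypothetical) maps a document namespace to the SBOM bytes held locally."""
    lines = [l.strip() for l in sbom_text.splitlines()]
    declared = {m[1]: (m[2], m[3].lower()) for m in map(EXT_DOC.fullmatch, lines) if m}
    problems = []
    for line in lines:
        if not line.startswith("Relationship:"):
            continue
        parts = line.split(":", 1)[1].split()
        if len(parts) != 3:
            problems.append(f"malformed relationship: {line}")
            continue
        for ref in (parts[0], parts[2]):
            m = ELEMENT.fullmatch(ref)
            if ref in ("NONE", "NOASSERTION") or (m and not m[1]):
                continue  # placeholder, or element local to this document
            if not m:
                problems.append(f"malformed element reference: {ref}")
            elif m[1] not in declared:
                problems.append(f"undeclared external document: {ref}")
            else:
                ns, sha1 = declared[m[1]]
                body = local_sboms.get(ns)
                if body is None:
                    problems.append(f"referenced SBOM not held locally: {ns}")
                elif hashlib.sha1(body).hexdigest() != sha1:
                    problems.append(f"checksum mismatch: {ns}")
                elif m[2].encode() not in SPDXID.findall(body):
                    problems.append(f"dangling reference: {ref}")
    return problems

# Constructed sample data (not from the PoC).
LIB_NS = "https://example.org/spdxdocs/lib-1.0"
LIB_SBOM = b"SPDXVersion: SPDX-2.2\nSPDXID: SPDXRef-DOCUMENT\nPackageName: lib\nSPDXID: SPDXRef-lib\n"
APP_SBOM = f"""SPDXID: SPDXRef-DOCUMENT
ExternalDocumentRef: DocumentRef-lib {LIB_NS} SHA1: {hashlib.sha1(LIB_SBOM).hexdigest()}
SPDXID: SPDXRef-app
Relationship: SPDXRef-app DEPENDS_ON DocumentRef-lib:SPDXRef-lib
Relationship: SPDXRef-app DEPENDS_ON DocumentRef-lib:SPDXRef-missing
Relationship: SPDXRef-app DEPENDS_ON DocumentRef-other:SPDXRef-x
"""
```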

sei-vsarvepalli commented 3 years ago

Issues resolved with PR #9

Vijay