Open JonDouglas opened 1 year ago

An SBOM is a nested inventory; a list of ingredients that make up software components.

This epic tracks the work to support providing an SPDX-formatted and NTIA-compliant SBOM inside of a NuGet package, based on the SBOM Everywhere initiative, to bring seamless interoperability end-to-end for security use cases at five major levels of software development:

We will most likely utilize sbom-tool to accomplish this task.

Please 👍 or 👎 this comment to help us with the direction of this epic & leave as much feedback/questions/concerns as you'd like on this issue itself and we will get back to you shortly.

Further tracking issues will be created shortly as requirements are gathered and planned.

Is the intention to support only the SPDX format or is there scope for supporting others like CycloneDX?

@TiberiusDRAIG The intention would be to support what sbom-tool supports at this point.

With this being removed from the 6.8 milestone:

Don't read into our backlog tagging too much. It just means that we finished our 6.8 release recently.
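To make concrete what "NTIA compliant" means for the SPDX document this epic wants shipped inside a NuGet package, here is an added check (written for this edit, not code from the NuGet team or from sbom-tool) that walks an SPDX 2.x JSON document for the NTIA minimum elements. The mapping of those elements onto SPDX fields and the sample document are assumptions of this example.

```python
import json
from datetime import datetime
# NTIA minimum elements mapped onto SPDX 2.x JSON (our own mapping, not from the issue):
# author -> creationInfo.creators, timestamp -> creationInfo.created, supplier/name/version
# -> package fields, unique identifier -> purl externalRef, dependencies -> relationships.
def ntia_gaps(doc: dict) -> list:
    """Return the NTIA minimum-element gaps found; an empty list means the SBOM passes."""
    gaps = []
    info = doc.get("creationInfo", {})
    if not info.get("creators"):
        gaps.append("creationInfo.creators missing (author of SBOM data)")
    try:
        datetime.strptime(str(info.get("created", "")), "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        gaps.append("creationInfo.created missing or not an SPDX UTC timestamp")
    packages = doc.get("packages", [])
    if not packages:
        gaps.append("no packages listed")
    rels = doc.get("relationships", [])
    if not any(r.get("relationshipType") == "DESCRIBES" for r in rels):
        gaps.append("no DESCRIBES relationship naming a root package")
    referenced = {r.get("spdxElementId") for r in rels} | {r.get("relatedSpdxElement") for r in rels}
    for pkg in packages:
        sid = pkg.get("SPDXID", "<no SPDXID>")
        for field in ("name", "versionInfo", "supplier"):  # NOASSERTION counts as absent
            if not pkg.get(field) or pkg.get(field) == "NOASSERTION":
                gaps.append(f"{sid}: {field} missing")
        if not any(ref.get("referenceType") == "purl" for ref in pkg.get("externalRefs", [])):
            gaps.append(f"{sid}: no purl externalRef (other unique identifier)")
        if sid not in referenced:
            gaps.append(f"{sid}: not in any relationship (dependency graph incomplete)")
    return gaps

# Constructed minimal SPDX 2.3 document for a hypothetical NuGet package (not sbom-tool output).
# The dependency package is deliberately incomplete so the check has something to report.
SAMPLE_SBOM = json.loads("""{
  "spdxVersion": "SPDX-2.3", "SPDXID": "SPDXRef-DOCUMENT", "name": "Example.Lib-sbom",
  "creationInfo": {"created": "2024-01-15T10:00:00Z", "creators": ["Tool: example-generator-0.1"]},
  "packages": [
    {"SPDXID": "SPDXRef-Root", "name": "Example.Lib", "versionInfo": "1.2.3",
     "supplier": "Organization: Example Corp", "externalRefs": [{"referenceCategory":
     "PACKAGE-MANAGER", "referenceType": "purl", "referenceLocator": "pkg:nuget/Example.Lib@1.2.3"}]},
    {"SPDXID": "SPDXRef-Dep", "name": "Example.Dep", "versionInfo": "4.0.0", "supplier": "NOASSERTION"}
  ],
  "relationships": [{"spdxElementId": "SPDXRef-DOCUMENT", "relationshipType": "DESCRIBES",
                     "relatedSpdxElement": "SPDXRef-Root"}]
}""")

if __name__ == "__main__":
    print("\n".join(ntia_gaps(SAMPLE_SBOM)) or "NTIA minimum elements present")
```

Run against the constructed sample, the check flags only the dependency package, which lacks a supplier, a purl and any relationship linking it to the root; a document that omits creationInfo or relationships entirely is reported at the document level first.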