openjs-foundation / security-collab-space

a repository for documenting and coordinating the foundation's security collaboration space
Apache License 2.0
24 stars 8 forks

Discuss DRAFT Revamped SBOM Project Plan #100

Open ruddermann opened 8 months ago

ruddermann commented 8 months ago

The SBOM workstream is undergoing a revamp. To start the conversation, I've been working on this doc to help reframe and rescope the discussion more broadly. If this is overly ambitious or off, I'm looking forward to the feedback and discussion!

https://docs.google.com/document/d/1KfxNDP4LaKyD5TW3GNEL_VZuKdl9UzuTOfcKgZ3D3bY/edit

ruddermann commented 8 months ago

It seems my GitHub permissions don't let me change labels and the like, so we'll do this better next week! :)

ruddermann commented 8 months ago

@UlisesGascon has put together an initial doc to start driving action here: https://docs.google.com/document/d/10nxWZ8yFmi8RShsRVFvytcDEsXq-3hsjRRPJnjCY5oU/edit#heading=h.xspzgqyc3y9k

ruddermann commented 8 months ago

I've also discovered OpenJS' package-metadata-interoperability Collab Space - I wonder what overlap there is here?

UlisesGascon commented 8 months ago

@UlisesGascon has put together an initial doc to start driving action here: https://docs.google.com/document/d/10nxWZ8yFmi8RShsRVFvytcDEsXq-3hsjRRPJnjCY5oU/edit#heading=h.xspzgqyc3y9k

I am planning to do a little demo in the next meeting to discuss a bit how the end users will generate SBOMs using npm and github actions. Just as an initial approach to discuss practical things like how the SBOMs are generated or where to store them, etc...