joshbressers
commented
2 years ago - https://github.com/oss-review-toolkit/ort
- Is there an opportunity to work with this tool?
- False positive suppression
- Marta: Proposal: document tools that exist, interchange formats, find out what the gaps are, share knowledge and make it easy to access to developers
- Jack: Looking forward to working on nix drv -> SBOM - Nix thesis drv section 2.4 page 40
- David Sastre: threat modeler - interested in aggregating information. Too many formats. There's no way to aggregate data from all the sources that exist today (CVE, NVD, …)
- Jon Zeolla interested in tooling to help with controls. The CNCF TAG WG is doing some of this
We have a large amount of notes from the reboot call https://docs.google.com/document/d/1DoB7zgtLsP-JGF77ASkHV7UMofTE2wseniexaa6Q4M8/edit#
@joshbressers is going to distill this into a short list of tasks this group wants to address.