Output SBOM #50

Open
fproulx-boostsecurity opened this issue May 2, 2024 · 1 comment

@fproulx-boostsecurity
Contributor

Support CycloneDX and SPDX

Looks like SPDX Build Profile is quite ahead on this topic
https://docs.google.com/presentation/d/11V7Qg-iyqYRtV7TB6yW7M3MFPkWVVGFo3UxbpCuyecE/edit?resourcekey=0-vlH2T9qHFIvmrdrr6c0ZSQ#slide=id.g194bd5fd766_0_723
https://spdx.dev/learn/areas-of-interest/build/

@fproulx-boostsecurity fproulx-boostsecurity self-assigned this May 2, 2024
@fproulx-boostsecurity fproulx-boostsecurity converted this from a draft issue May 2, 2024
@stevespringett

CycloneDX has the concept of formulation which describes both the declared and observed formulas for how something came to be, such as how software was built, tested, and deployed, or how AI models were trained, evaluated, and fine-tuned.

This support has been available since CycloneDX v1.5, with many of the official CycloneDX libraries having added support for it.

Please reach out to the CycloneDX community with any questions the Poutine community may have.

Slack: https://cyclonedx.org/slack
Invite: https://cyclonedx.org/slack/invite
