RE: Analysis of SPDX compatibility with current SBOM proposal



Greetings all,

 

I completed updating the spreadsheets and adding issues for all of the proposed changes in the SBOM SPDX Compatibility Analysis.

 

Anything I thought was structure, I added an issue – the complete list of SBOM issues can be found here: https://github.com/cdfoundation/sig-security-sbom/issues

 

There is a total of 12 issues added.  Not all of the issues are the same priority or difficulty.  I would recommend we start our Monday discussion with the external document reference issue: https://github.com/cdfoundation/sig-security-sbom/issues/10

 

I updated the classes attributes spreadsheet. I prefixed the comment with SPDX: if it is directly related to SPDX compatibility and with GO: if it is just my opinion (my initials).  There is a total of 21 suggested changes between Philippe, SPDX analysis, and myself.

 

The enumerations literals sheet has also been updated.  I added a sheet with all SPDX relationship types to make it easier to compare. There are 11 proposed changes to the sheet.

 

I also added an issue to the SPDX specification to track adding artifactType as a required attribute in SPDX 3.0: https://github.com/spdx/spdx-spec/issues/171

 

Best regards,

Gary