Agenda - Weekly SBOM WG Meeting



Hi all, here is an agenda for our meeting tomorrow at 12:00 PM Pacific, copied below for convenience:

 

Agenda and Notes:

  • Welcome new members!
    • Anura Fernando, Underwriters Laboratories
    • Ken Modeste, Underwriters Laboratories
    • Sean Barnum, MITRE
  • Upcoming Dates/Meetings
    • Next OMG Spec Submission - February 24
    • Next OMG Technical Meeting March 24 & 25 - Reston VA
      • Registration information here
      • Agenda outline here
  • Discussion
    • Model
      • Approach
        • Understand scenarios across existing communities
        • Work together on model that encompasses and extends
      • TODO: address scenario/structural compatibility concerns
        • SPDX - schedule meetings next week?
          • Continue working through GitHub Issues
        • CycloneDX - meeting scheduled on Friday at 4 Eastern
      • TODO: Address naming compatibility concerns
        • Sean investigating options (e.g. aliasing)
    • Timing
      • Target Feb 24
      • Monitor based on progress over the coming week
    • Scenarios - Kay
      • Microsoft POC scenario as follows:
        • Internal build system produces artifacts and SBOM 1
        • Internal security scanning system
          • receives SBOM 1
          • scans SBOM 1 artifacts
          • produces scan results
          • produces SBOM 2
        • Internal release system uses SBOM 2 to apply policy, verify and release SBOM 1 artifacts.