lsdm, 1 month ago to random French

Qu’attendre de la sortie de SPDX 3.0 ?
La communauté SPDX et la Linux Foundation annoncent la sortie de SPDX 3.0, une avancée significative du projet, avec l’ajout des profils SPDX pour gérer les cas d’utilisation des systèmes modernes.

La version 3.0 de SPDX sera soumise à l’ISO comme mise à jour.#Spdx https://lsdm.live/modules/news/article.php?storyid=5040

sjvn, 1 month ago to security

Meet the System Package Data Exchange: SPDX 3.0, with Profiles: https://thenewstack.io/introducing-spdx-30-and-profiles/ by @sjvn

With #SPDX 3.0, you can track not just software packages, but pretty much anything and everything. It's a game-changer. #OSSummit #Security

ProvenPudding, 1 month ago to random

This will be interesting! I know what an #SBOM is, but #SPDX sounds like an American police drama series. #FOSSNorth @fossnorth

davelester, 1 month ago to random

Good morning from #sosscommunity! Opening keynote: “SBOMs Everywhere: Work in Progress & Challenges Ahead” with some great updates on #SBOM incl the final release tag of #SPDX 3.0! https://github.com/spdx/spdx-3-model/releases/tag/3.0 #ossummit

Slide: “Extending SPDX beyond 3.0”

arnie_dxer, 2 months ago to random Polish

Sierra Echo na pasku, zapowiadając live'a: Sikju Kontest! (bo zawody #SPDX)

Sierra Echo po pół godziny pier*olenia o busach: robi łączność na 17m, nie w zawodach

Sierra Echo przez kolejne pół godziny: dalej pieroli o busach, ale przerywając go szybkimi łącznościami nie w zawodach*

Sierra Echo po kolejnych pół godziny: "może zaraz wróci Julia z Islandii, to zrobię łączność"... po czym DALEJ PIERDOLI O TYCH BUSACH XDDDDDD

#SierraEcho #ToJestLiveKrótkofalarski

luis_in_brief, 7 months ago to random

Because I’m a nice guy and a glutton for punishment, I’m resubscribing to @osi ‘s License Review list.

mariuxdeangelo, 8 months ago to random

The last few days, I was checking out different tools to generate #SBOM and took a closer look at the dependencies I get. While #SPDX and #CycloneDx specify how an SBOM should look, the resulting output can be very different. I've put together some notes here.https://mariuxdeangelo.gitlab.io/website/#/post/20230924-SBOM-dependency-semantics-SPDX-and-CycloneDx

kushal, 8 months ago to security

I wrote about #SBOM #SPDX and vulnerability scanning. https://kushaldas.in/posts/sbom-and-vulnerability-scanning.html

#security #python #rust
@joshbressers you will find some known project names in that post :)

kushal, 8 months ago to random

What is going on? #spdx https://spdx.dev

kushal, 8 months ago to security

Say I have #SBOM #SPDX files containers and projects inside of them. What are the good available options to keep scanning/checking those SBOM files for vulnerabilities right now?

@joshbressers any tips?

#security #opensource