Merge remote-tracking branch 'origin/master'

Author: stevespringett

Gemfile

@@ -5,3 +5,4 @@ gem "jekyll-sitemap"
 gem "jekyll-last-modified-at"
 gem 'jekyll-feed'
 gem 'jekyll-redirect-from'
+gem 'jekyll-regex-replace'

Gemfile.lock

@@ -36,6 +36,7 @@ GEM
       posix-spawn (~> 0.3.9)
     jekyll-redirect-from (0.16.0)
       jekyll (>= 3.3, < 5.0)
+    jekyll-regex-replace (1.1.0)
     jekyll-sass-converter (2.1.0)
       sassc (> 2.0.1, < 3.0)
     jekyll-sitemap (1.4.0)
@@ -80,7 +81,8 @@ DEPENDENCIES
   jekyll-feed
   jekyll-last-modified-at
   jekyll-redirect-from
+  jekyll-regex-replace
   jekyll-sitemap
 
 BUNDLED WITH
-   2.2.30
+   2.3.25

_config.yml

@@ -62,6 +62,7 @@ plugins:
   - jekyll-last-modified-at
   - jekyll-feed
   - jekyll-redirect-from
+  - jekyll-regex-replace
 defaults:
   -
     scope:

_data/carousel.yml

@@ -1,3 +1,6 @@
+- title: "CycloneDX: The International Standard for Bill of Materials (ECMA-424)"
+  image: /theme/assets/images/hero-header.png
+  description: The OWASP Foundation and Ecma International Technical Committee for Software & System Transparency (TC54), which includes representatives from Bloomberg, IBM, Lockheed Martin, and ServiceNow, drive the continued advancement of the specification.
 - title: CycloneDX is designed to provide advanced supply chain capabilities for cyber risk reduction.
   image: /theme/assets/images/hero-header.png
   description: Compatible with over 200 tools across 20+ programming languages, CycloneDX is trusted by Lockheed Martin, ServiceNow, IBM, Contrast Security, Sonatype, and many others.
@@ -15,7 +18,4 @@
   description: CycloneDX can leverage SPDX license IDs and expressions, along with comprehensive commercial license support, supporting open source license compliance and Software Asset Management (SAM) use cases.
 - title: CycloneDX evolves with your project or organizational needs.
   image: theme/assets/images/beyond_sbom_hero.jpg
-  description: Trusted by beginners and experts, CycloneDX offers an easy on-ramp to adoption and the world's most extensive collection of tools to get started.
-- title: CycloneDX is supported by technology leaders across the world.
-  image: theme/assets/images/ecma_hero.jpg
-  description: The OWASP Foundation maintains CycloneDX with help from the Ecma International Technical Committee for Software & System Transparency (TC54), which includes representatives from Bloomberg, IBM, Lockheed Martin, and ServiceNow.
+  description: Trusted by beginners and experts, CycloneDX offers an easy on-ramp to adoption and the world's most extensive collection of tools to get started.

_data/tools.yml

@@ -1957,3 +1957,11 @@
   categories:
   - transform
   - opensource
+- name: cdx-enrich
+  publisher: Michael Tsfoni
+  description: Enriches a CycloneDX Software Bills of Material (SBOM) with predefined data.
+  websiteUrl: https://github.com/mtsfoni/cdx-enrich
+  repoUrl: https://github.com/mtsfoni/cdx-enrich
+  categories:
+  - build-integration
+  - opensource

_posts/2024-07-01-cyclonedx-v1.6-now-an-ecma-international-standard.md

@@ -0,0 +1,126 @@
+---
+# Page settings
+layout: document
+keywords: application security, software security, software bill of material, SBOM, BOM, open source, supply chain, specification, spdx, license, package url, purl, cpe
+comments: false
+banner: false
+
+# News article settings
+organization: CycloneDX
+type: Press Release
+
+title: "CycloneDX v1.6: Now an Ecma International Standard"
+window_title: "CycloneDX v1.6: Now an Ecma International Standard"
+description: "CycloneDX v1.6: Now an Ecma International Standard"
+location: WILMINGTON, DE
+subtitle: CycloneDX v1.6 has been officially ratified as an Ecma International standard, following a decisive vote at the Ecma General Assembly on 26 June.
+excerpt: This milestone sets the stage for CycloneDX Bill of materials being available as a global xBOM (Bill of Materials) standard for use across multiple domains. CycloneDX is proud to be an OWASP Flagship standards project, and in a community development model with Ecma International’s TC54, underscoring its importance and impact in the industry.
+image: https://cyclonedx.org/theme/assets/images/hero-subheader.png
+
+# Micro navigation
+micro_nav: false
+
+# Page navigation
+breadcrumbs:
+  - title: CYCLONEDX
+  - title: ABOUT
+  - title: NEWSROOM
+  
+---
+
+# CycloneDX v1.6: Now an Ecma International Standard
+**01 July 2024**
+
+OWASP is excited to announce that CycloneDX v1.6 has been officially ratified as an Ecma International standard, 
+CycloneDX Bill of materials specification, following a decisive vote at  the Ecma General Assembly on 26 June. 
+This milestone sets the stage for CycloneDX Bill of materials being available as a global xBOM (Bill of Materials) 
+standard for use across multiple domains. CycloneDX is proud to be an OWASP Flagship standards project, and in a 
+community development model with Ecma International’s TC54, underscoring its importance and impact in the industry.
+
+#### **A Comprehensive Standard for the Software Supply Chain**
+CycloneDX v1.6 stands out as the global xBOM standard that holistically supports a wide range of assets, including 
+software, services, hardware, firmware, AI/ML, and cryptography. This broad coverage is crucial in today’s complex 
+and interconnected technology landscape, enabling organizations to achieve comprehensive visibility and management 
+across their entire supply chain.
+
+* **Software**: Ensures detailed transparency and management of software components, vital for addressing security vulnerabilities and ensuring compliance.
+* **Services**: Covers third-party services, providing insights into potential risks and dependencies that could impact operational integrity.
+* **Hardware and Firmware**: Facilitates robust management and security of physical components and embedded systems, crucial for sectors like IoT and critical infrastructure.
+* **AI/ML**: Addresses the growing need to manage and secure machine learning models and data, essential for maintaining trust and performance in AI-driven applications.
+* **Cryptography**: Ensures secure handling and implementation of cryptographic assets, including Post-Quantum Cryptography (PQC) readiness as outlined in [NIST SP 1800-38B](https://csrc.nist.gov/pubs/sp/1800/38/iprd-(1)). This is a fundamental aspect of protecting data integrity and confidentiality from evolving threats.
+
+#### **Ideal for Holistic Supply Chain and Advanced Cybersecurity Use Cases**
+
+CycloneDX v1.6 is specifically designed to meet the demands of holistic supply chain management and advanced 
+cybersecurity use cases. By providing a detailed and comprehensive view of the entire supply chain, CycloneDX 
+enables organizations to identify and mitigate risks effectively, ensuring resilience and security.
+
+
+#### **Unmatched License Support**
+
+One of the standout features of CycloneDX v1.6 is its advanced license support, which holistically helps to 
+facilitate open-source license compliance and supports commercial license management and procurement scenarios.
+This capability is critical for organizations navigating the complexities of software licensing, ensuring compliance
+and optimizing procurement processes.
+
+
+#### **Wide Industry Support**
+
+CycloneDX has garnered wide industry support, with over 220 tools now supporting the standard. This extensive 
+ecosystem demonstrates the trust and adoption by the industry, making CycloneDX a reliable and effective choice 
+for organizations looking to enhance their supply chain security and management.
+
+#### **Quotes**
+
+<blockquote class="press-release">
+<p>The ratification of CycloneDX Bill of materials specification as an Ecma International standard is a testament to 
+the effectiveness of the community model established by Technical Committee 54 (TC54). This model is a benchmark
+for future technical committees and the CycloneDX Bill of materials specification is just the beginning, with 
+several other supply chain standards expected to emerge from TC54.</p>
+<cite>Samina Husain, Secretary General of Ecma International</cite>
+</blockquote>
+
+<blockquote class="press-release">
+<p>CycloneDX Bill of materials specification recognition as an international standard is a testament to its robustness
+and wide industry adoption. It exemplifies the kind of innovative solutions the OWASP Foundation is proud to support.</p>  
+<cite>Andrew van der Stock, Executive Director of the OWASP Foundation</cite>
+</blockquote>
+
+<blockquote class="press-release">
+<p>The standardization of CycloneDX by Ecma International is a major milestone for the global technology community.
+This achievement highlights our commitment to creating secure, transparent, and manageable supply chains.</p>
+<cite>Steve Springett, Chair of the Ecma TC54 and Director of Product Security at ServiceNow</cite>
+</blockquote>
+
+#### **About Ecma Technical Committee (TC54)**
+
+The Ecma Technical Committee 54 (TC54) is responsible for drafting the CycloneDX Bill of materials specification and
+other related initiatives. Operating under a community development model, the committee is dedicated to standardizing
+core data formats, APIs, and algorithms that advance software and system transparency.
+
+Among TC54's ongoing projects is the standardization of Package URL (purl), a specification for identifying and locating
+software packages. This is crucial for managing dependencies and vulnerabilities across diverse software ecosystems.
+Another key initiative is the Transparency Exchange API, designed for the efficient sharing of supply chain artifacts 
+and intelligence, further enhancing the security and transparency of supply chains.
+
+For more information about TC54 and its initiatives, please visit [https://tc54.org](https://tc54.org).
+
+##### **About Ecma International**
+
+Ecma International is a not-for-profit industry association of technology developers, vendors, and users founded
+in 1961 and dedicated to the standardization of Information and Communication Technology (ICT) and Consumer 
+Electronics (CE). For over 60 years Ecma has actively contributed to worldwide standardization in information 
+technology and telecommunications. More than 400 Ecma Standards and 100 Technical Reports of high quality have 
+been published, more than two-thirds of which have also been adopted as International Standards and/or Technical
+Reports.
+
+To learn more or to become a member, visit [https://ecma-international.org](https://ecma-international.org).
+
+##### **About the OWASP Foundation**
+The OWASP Foundation is a nonprofit organization that works to improve the security of software. Through community-led
+open source software projects, over 260 local chapters worldwide, tens of thousands of members, and leading educational
+and training conferences, the OWASP Foundation is the source for developers and technologists to secure the web. For
+nearly two decades corporations, foundations, developers, and volunteers have supported the OWASP Foundation and its
+work. To learn more or to become a member, visit [https://owasp.org](https://owasp.org).
+
+For more information about CycloneDX v1.6 and its benefits, please visit [https://cyclonedx.org](https://cyclonedx.org).

about/working-groups/working-groups.json

@@ -4628,5 +4628,19 @@
     "categories": [
       "contributors"
     ]
+  },
+  {
+    "displayName": "patveck",
+    "lastName": "patveck",
+    "headshot": "https://avatars.githubusercontent.com/u/3521311?v=4",
+    "organization": null,
+    "description": null,
+    "twitter": null,
+    "linkedin": null,
+    "github": "patveck",
+    "homepage": "https://github.com/patveck",
+    "categories": [
+      "contributors"
+    ]
   }
 ]

theme/_includes/tool-card.html

@@ -11,13 +11,39 @@
       <div class="card-body">{{tool.description | truncate:250}}</div>
       <div style="line-height: 3.0rem">&nbsp;</div>
       <div class="card-footer">
-        {% assign url_prefix = tool.repoUrl | slice:0,19 %}
-        {% if url_prefix == 'https://github.com/' %}
-        {%comment%}repo holds the "org/repo" name, for eg anchore/syft{%endcomment%}
-        {% assign repo = tool.repoUrl | replace:'https://github.com/','' | replace: '.git','' %}
-        <img src="https://img.shields.io/github/forks/{{repo}}.svg?style=social&label=Forks">&nbsp;
-        <img src="https://img.shields.io/github/stars/{{repo}}.svg?style=social&label=Stars">
-        {% endif%}
+        {% if tool.repoUrl contains '://github.com/' %}
+          {%comment%}
+              repo holds the "org/repo" name, for eg:
+                  https://github.com/anchore/syft
+                  https://github.com/anchore/syft/
+                  https://github.com/anchore/syft.git
+          {%endcomment%}
+          {% assign repo = tool.repoUrl | regex_replace:'^https?://github.com/','' | regex_replace:'(.git|/)$','' %}
+          <img src="https://img.shields.io/github/forks/{{repo}}?style=social&label=Forks&logo=-" alt="#forks"/>&nbsp;
+          <img src="https://img.shields.io/github/stars/{{repo}}?style=social&label=Stars&logo=-" alt="#stars"/>
+        {% elsif tool.repoUrl contains '://gist.github.com/' %}
+          {%comment%}
+              repo holds the "gistID" as last path-part segment, for eg:
+                  https://gist.github.com/jkowalleck/a0f874ee0a8af9a56a0e887631fc53d1
+                  https://gist.github.com/a0f874ee0a8af9a56a0e887631fc53d1
+                  https://gist.github.com/a0f874ee0a8af9a56a0e887631fc53d1/
+                  https://gist.github.com/a0f874ee0a8af9a56a0e887631fc53d1.git
+          {%endcomment%}
+          {% assign gistID = tool.repoUrl | regex_replace:'^https?://gist.github.com/','' | regex_replace:'(.git|/)$','' | split:'/' | last %}
+          <img src="https://img.shields.io/github/gist/stars/{{gistID}}?style=social&label=Stars&logo=-" alt="#stars"/>
+        {% elsif tool.repoUrl contains '://gitlab.com/' %}
+          {%comment%}
+              repo holds the "org/repo" name, for eg:
+                  https://gitlab.com/expliot_framework/expliot
+                  https://gitlab.com/expliot_framework/expliot/
+                  https://gitlab.com/expliot_framework/expliot.git
+          {%endcomment%}
+          {% assign repo = tool.repoUrl | regex_replace:'^https?://gitlab.com/','' | regex_replace:'(.git|/)$','' | url_encode %}
+          <img src="https://img.shields.io/gitlab/forks/{{repo}}?style=social&label=Forks&logo=-" alt="#forks"/>&nbsp;
+          <img src="https://img.shields.io/gitlab/stars/{{repo}}?style=social&label=Stars&logo=-" alt="#stars"/>&nbsp;
+        {% elsif tool.repoUrl contains '://bitbucket.org/' %}
+          {%comment%}noting we can do for this repo hoster.{%endcomment%}
+        {% endif %}
       </div>
     </a>
-</div> 
+</div> 

theme/_layouts/home.html

@@ -114,7 +114,7 @@ <h1>Introduction</h1>
                 </ul>
 
                 Strategic direction of the specification is managed by the CycloneDX Core Working Group. CycloneDX is backed by the <a href="https://owasp.org">OWASP Foundation</a>, the global information security community, and Ecma International <a href="https://tc54.org/">Technical Committee 54</a> (Software & System Transparency).
-                <br><br>OWASP Foundation is a not-for-profit member of Ecma International and is currently pursuing international Ecma standardization of the CycloneDX specification.
+                <br><br>OWASP CycloneDX is an international Bill of Materials standard ratified by Ecma International as ECMA-424.
 
             </div>
             <div class="col-md-6 col-sm-6">

theme/_sass/generic/_base.scss

@@ -219,6 +219,42 @@ blockquote {
 	margin: 0 0 1.25rem 0;
 }
 
+blockquote.press-release {
+	background: #f9f9f9;
+	border-left: 10px solid #ccc;
+	margin: 1.5em 10px;
+	padding: 0.5em 10px;
+	quotes: "\201C""\201D""\2018""\2019";
+}
+blockquote.press-release p::before {
+	color: #ccc;
+	content: "\201C";
+	font-size: 4em;
+	line-height: 0.1em;
+	margin-right: 0.25em;
+	vertical-align: -0.4em;
+}
+blockquote.press-release p::after {
+	content: "\201D";
+	font-size: 4em;
+	line-height: 0.1em;
+	margin-left: 0.25em;
+	vertical-align: -0.4em;
+	color: #ccc;
+}
+blockquote.press-release p {
+	display: inline;
+}
+blockquote.press-release cite {
+	display: block;
+	font-style: italic;
+	margin-top: 1em;
+	color: #555;
+}
+blockquote.press-release cite::before {
+	content: "\2013  ";
+}
+
 q {
 	color: $color-dark-blue;
 }