
[Improvement] SBOM Quality Guide - Appendix 1 future structure and expansion #377

Description

@shanecoughlan

My suggestion is to use the Appendix 1 section as a series of samples (not just one), so it can be "library" of examples.

This is the file I am considering:
https://github.com/OpenChain-Project/OpenChain-JWG/blob/master/subgroups/sbom-sg/outcomes/QualityGuide/SBOM-Quality-Guide-TOC.en.md#appendix-1-sbom-sample

My example is below:

Appendix-1. SBOM Sample

This section contains sample SBOM files written in JSON format, which adhere to the specifications and include exemplary values. It is intended for review by experts familiar with the SPDX and CycloneDX specifications.

To

Appendix-1. SBOM Samples

This section contains sample SBOM files written in JSON format, which adhere to the specifications and include exemplary values. It is intended for review by experts familiar with the SPDX and CycloneDX specifications.

Appendix-1.1 SPDX for NTIA

Appendix-1.2 CycloneDX for NTIA

Appendix-1.3 SPDX for CRA

Appendix-1.4 CycloneDX for CRA

Appendix-1.5 SPDX for NTIA + CRA

Appendix-1.6 CycloneDX for NTIA + CRA
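As an added illustration of what an "SPDX for NTIA" sample in this appendix would need to carry (example code, not part of this issue or of the OpenChain guide), the following Python check tests an SPDX 2.3 JSON document against the NTIA minimum elements. The sample document, its names, version, namespace and purl are constructed placeholders, and the mapping of each NTIA element to SPDX fields is this example's own assumption.

```python
import json

# Constructed sample: a minimal SPDX 2.3 JSON document with one package.
# Names, version, namespace and purl are illustrative placeholders.
SAMPLE_SPDX_JSON = json.dumps({
    "spdxVersion": "SPDX-2.3", "dataLicense": "CC0-1.0",
    "SPDXID": "SPDXRef-DOCUMENT", "name": "example-app-sbom",
    "documentNamespace": "https://example.invalid/sbom/example-app-1.0.0",
    "creationInfo": {"created": "2024-01-01T00:00:00Z",
                     "creators": ["Organization: Example Org"]},
    "packages": [{
        "SPDXID": "SPDXRef-Package-example-lib", "name": "example-lib",
        "versionInfo": "1.0.0", "supplier": "Organization: Example Org",
        "downloadLocation": "NOASSERTION",
        "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER",
                          "referenceType": "purl",
                          "referenceLocator": "pkg:generic/example-lib@1.0.0"}],
    }],
    "relationships": [{"spdxElementId": "SPDXRef-DOCUMENT",
                       "relationshipType": "DESCRIBES",
                       "relatedSpdxElement": "SPDXRef-Package-example-lib"}],
})

# SPDX external reference types taken here to satisfy "other unique identifiers".
ID_REF_TYPES = {"purl", "cpe22Type", "cpe23Type", "swid"}


def ntia_missing_elements(sbom_json: str) -> list[str]:
    """Return the NTIA minimum elements an SPDX 2.3 JSON SBOM fails to provide."""
    doc = json.loads(sbom_json)
    info = doc.get("creationInfo", {})
    missing = []
    # Document-level elements: author of SBOM data, timestamp, relationships.
    if not info.get("creators"):
        missing.append("author of SBOM data")
    if not info.get("created"):
        missing.append("timestamp")
    if not doc.get("relationships"):
        missing.append("dependency relationship")
    # Package-level elements: supplier, name, version, unique identifier.
    for pkg in doc.get("packages", []):
        pid = pkg.get("SPDXID", "<no SPDXID>")
        if not pkg.get("supplier") or pkg["supplier"] == "NOASSERTION":
            missing.append(f"supplier name ({pid})")
        if not pkg.get("name"):
            missing.append(f"component name ({pid})")
        if not pkg.get("versionInfo"):
            missing.append(f"component version ({pid})")
        if not any(r.get("referenceType") in ID_REF_TYPES
                   for r in pkg.get("externalRefs", [])):
            missing.append(f"unique identifier ({pid})")
    return missing
```

A sample intended for the CRA-oriented appendices would need further fields beyond this check, since the NTIA list is only the baseline.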
