Understanding how components interact is key for providing support for #security, #compliance and other #software supply chain use cases. Our free "Generating a Software Bill of Materials" course can help! bit.ly/3d1axHq #learnlinux #opensource #sbom #developer

Is now the right time to take a course on how to generate SBOMs? Glad you asked 🤗@LF_Training has a free one! training.linuxfoundation.org/training/gener…

I recently interviewed Tyler Pirtle from the Blaze/Bazel teams about topologies, vocabularies and why Google decided to provide support for SPDX SBOM within Blaze/Bazel.

Up next in Flock To Fedora... Watch live! #Fedora #FlockToFedora #FlockIreland #RHEL #FedoraDocs RHEL development in public: sched.co/1Or1p Fedora Docs plans and how to contribute: sched.co/1Or0N SPDX vs Fedora: sched.co/1Or1S

A Step-by-Step Guide to Signing an SPDX SBOM with sigstore's Cosign spdx.dev/a-step-by-step…

Interested in #SBOM, software supply chain, and advances in vuln management? Our team created a little guide of relevant talks and events in Vegas next week. Note that we'll have 2 SBOM meetups, one at BSides and the other at DEF CON. Hope to see you! docs.google.com/document/d/1K1…

fransbouma.bsky.social Mårten Rånge You can do this automatically now (almost). Need to generate an SBOM (SPDX format for example) and then load that in GUAC. Then you'll have a list of all your transitive deps, vulns in them, and more. Disclaimer: I'm a maintainer. github.com/guacsec/guac

Deciphering VEX and SPDX: A Deep Dive into Software Vulnerability Analysis and Reporting by puerco spdx.dev/deciphering-ve…

Cisco announces SBOMs for recent @cisco products. Great Jeff Schutt blog highlighting 1) the importance of transparency, 2) acknowledging that #SBOM implementation will be a journey, but that 3) we all have to start now for better #supplychain security blogs.cisco.com/security/demon…

SPDX Release Candidate 2 will soon be ready. In the meantime, please check the RC1 if you done so yet spdx.dev/spdx-announces…

The upcoming SPDX SBOM v3.0 will include major changes from the current v2.3, including new support for AI, datasets, build information, and more. Here's a preview of what to expect. #SBOM SPDX fossa.com/blog/spdx-3-0/

“Behind the scenes with SPDX contributor Maximilian Huber” 🎧 Listen to the full episode with host DJ Schleen and Maximilian Huber: dabom.show/maximilian-hub… 📌 @djschleen Maximilian Huber TNG Technology Consulting GmbH #spdx #daBOM The Linux Foundation #sbom #devops #devsecops

We will be streaming live our chat with Microsoft's Adrian Diglio in a few minutes. Join here at the top of the hour hubs.la/Q020y8GZ0 Adrian succesfully made Microsoft an SPDX powerhouse hubs.la/Q020y6z40

.The Linux Foundation's Kate Stewart introduces SPDX SBOM and the relationship between #SBOMs and SPDX in this #ELISASeminar. hubs.la/Q020HPTc0 @projecelisa #opensource #SBOM #safetycritical SPDX

We are thrilled to announce the release of SPDX 3.0, introducing a comprehensive set of updates, encompassing the model, specification, and license list, with the new addition of SPDX profiles to handle modern system use cases. Read the announcement: hubs.la/Q02s_TLM0

#SPDX 3.0 now supports #SBOMs for #AI applications - The Linux Foundation's Kate Stewart shares all the details in this TFiR video. hubs.la/Q02wLhcg0 SPDX SPDX SBOM Americans Against Trump #opensource #SBOM