
openc2-lang message



Subject: SBoM for Comply to Connect


I'm sending this to both the plugfest mailing list and the openC2 Language Subcommittee - apologies to those that get two copies.

 

LSC:

Per the discussion at the LSC meeting today, I have drafted the first part of my action item. Please see https://github.com/oasis-tcs/openc2-usecases/blob/master/Cybercom-Plugfest/sbom-github.md for explanation of SBoM and a proposed JSON for the "query sbom" command. There were multiple ways I could have done it (hence the need for standardization) but I chose to add "sbom" as a choice in the "query features" command similar to asking for actuator profile or version. I included an example in the text above. I have no vested interest in this particular way of doing it and I am open to alternative suggestions - I even tried to get others to "go first" with other proposals but couldn't find volunteers. So have at it with your red pens.

 

Once we can agree on an approach, then I'll move on to part 2 of my action item which is changing the language spec to include the new items introduced in this command: sbom, sbom_type["swid", "sdpx", "cyclonedx"], "sbom_depth"["complete", "unknown", "one-hop"], sbom_manifest - or whatever we decide replaces them.

 

Note I put this in the plugfest directory so it should be visible to the plugfest participants (and hopefully they will implement it), but I did not include them on this email since only OASIS members are allowed to input into these deliberations.

 

 

Duncan Sparrell

sFractal Consulting LLC

iPhone, iTypo, iApologize

I welcome VSRE emails. Learn more at http://vsre.info/

 


