THE LINUX FOUNDATION PROJECTS

CISA Considering New Set of Minimum Elements

CISA has requested comment on a new set of minimum elements for SBOMs (on top of the original NTIA set). This short announcement describes the process: https://www.cisa.gov/news-events/alerts/2025/08/22/cisa-requests-public-comment-updated-guidance-software-bill-materials The SPDX Tech...

A Guide to the GitHub SPDX Repo

We just published a readme file at the top level of the repository that provides a great overview of the contents and where to find what. https://github.com/spdx

Kudos for Yocto support of SPDX SBOMs

Check out this posting and the accompanying article that give a shout out to the Yocto SBOM work that Joshua Watt briefed us on at the last General Meeting. https://www.linkedin.com/posts/vpetersson_im-excited-by-yoctos-sbom-capabilities-activity-7298791001526063106-qqsc/#?lipi=urn%3Ali%3Apage%3Ad_flagship3_detail_base%3Brv%2FCdMTgS36PFZd4RZTQPg%3D%3D...

SPDX Podcast

New podcast episode of Nerding Out with Viktor is now live! In Viktor’s words: I spoke with Kate Stewart from The Linux Foundation and Gary O’Neall about the evolution...

Implementing an AI BOM

As global regulations on AI software tighten, developers face a complex set of new, ambiguous rules. The AI Software Bill of Materials (AI BOM), especially the new SPDX 3.0 with...

SBOM Adoption Paper

Check out this great new Linux Foundation paper on implementing SBOMs and how it helps with license compliance and application security. Author Ibrahim Haddad provides great insights into this important...