The Linux Foundation Projects
Skip to main content

News & Announcements

Oct 3, 2025

SPDX Responds to CISA Minimum Elements RFC

About a month ago, CISA requested industry/community comment on a proposed new minimum set of SBOM elements to replace the original NTIA list. Few people on the planet have thought as much about what belongs in an SBOM than the SPDX tech team which took up the discussion. With input…

Sep 19, 2025

CISA Considering New Set of Minimum Elements

CISA has requested comment on a new set of minimum elements for SBOMs (on top of the original NTiA set). This short announcement describes the process: https://www.cisa.gov/news-events/alerts/2025/08/22/cisa-requests-public-comment-updated-guidance-software-bill-materials The SPDX Tech Team will be responding to the request for comments and will report back to the SPDX community.

Sep 17, 2025

SBOM Vision

In collaboration with NSA and a number of foreign cybersecurity agencies, CISA just just published this easily consumable SBOM vision document. https://www.cisa.gov/sites/default/files/2025-09/joint-guidance-a-shared-vision-of-software-bill-of-materials-for-cybersecurity_508c.pdf

Jul 29, 2025

A Guide to the GitHub SPDX Repo

We just published a readme file at the top level of the repository that provides a great overview of the contents and where to find what. https://github.com/spdx

Mar 5, 2025

Kudos for Yocto support of SPDX SBOMs

Check out this posting and the accompanying article that give a shout out to the Yocto SBOM work that Joshua Watt briefed us on at the last General Meeting. https://www.linkedin.com/posts/vpetersson_im-excited-by-yoctos-sbom-capabilities-activity-7298791001526063106-qqsc/#?lipi=urn%3Ali%3Apage%3Ad_flagship3_detail_base%3Brv%2FCdMTgS36PFZd4RZTQPg%3D%3D https://sbomify.com/2025/02/21/mastering-sbom-generation-with-yocto/