News & Announcements
Aug 2, 2023
A Step-by-Step Guide to Signing an SPDX SBOM with Sigstore’s Cosign
This post was written with the inestimable help of Luke Hinds of the Sigstore community, who helped review and edit it. As software supply chain security becomes increasingly important, organizations are looking for robust methods to verify the integrity and authenticity of their software components. One such approach is the…
Jul 25, 2023
Leveraging Profiles for License Compliance: Insights from SPDX Mini Summit
The SPDX Mini Summit, held at the Open Source Summit North America 2023, brought together industry experts to discuss the latest developments in open software at large. The focus of this year’s session, though, was the software supply chain. The SPDX mini summit was thus one of the highlights of the…
Jul 18, 2023
Providing Transparency at Software Development’s core process: build time.
The SPDX mini summit held at the prestigious Open Source Summit North America 2023 in Vancouver, Canada, brought together industry experts to discuss cutting-edge developments in software development. Among the standout presentations was the talk by Brandon Lum and Nisha Kumar, where they shed light on the transformative potential of…
Jun 27, 2023
Unraveling the World of Software Bill of Materials: A Brief Guide
by Jeff Shapiro & Gary O'Neall. SPDX 3.0 Mini Summit OSSNA 2023 🇨🇦 blog post series. This post is a bit of an oddball because, technically, this talk did not take place during the SPDX mini summit. It was part of Supply Chain Security Con hosted at OSSNA 2023. But…
Jun 19, 2023
SPDX Projects in Google Summer of Code 2023
Google Summer of Code (GSoC) is an international annual program, first held in 2005, that encourages and incentivizes newcomers to open source to spend their summer working on open source projects. It's organized by Google with the goal of encouraging more participation in open source development.…