#spdx — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #spdx, aggregated by home.social.
-
Moet de overheid SBOM-standaarden (CycloneDX & SPDX) verplicht toepassen?
Forum Standaardisatie onderzoekt dit en zoekt experts uit publieke en private sector om mee te denken. Uw kennis over softwarebeveiliging helpt ons bij de toetsing voor de ‘Pas toe of leg uit’-lijst.
📆 25 juni 2026, 10:00-14:00 (midden-Nederland)
Lunch is inbegrepen.📧 Interesse? Mail ons: [email protected]
-
Goed nieuws voor de digitale weerbaarheid van de overheid: @forumstandaardisatie zal de intake van #SBOM-standaarden (#CycloneDX en #SPDX) hervatten.
Een SBOM is als een ingrediëntenlijst voor software: essentieel voor inzicht in de keten en veiligheidsbeheer.
Waarom nu?
De onzekerheid over Europese regelgeving is weggenomen:
👉 NEN-conceptnormen sluiten aan bij de praktijk.
👉 CycloneDX en SPDX worden erkend.
👉 Geen normconflicten met de EU.Lees meer: https://www.forumstandaardisatie.nl/nieuws/toetsingsprocedure-sbom-wordt-hervat
-
Goed nieuws voor de digitale weerbaarheid van de overheid: @forumstandaardisatie zal de intake van #SBOM-standaarden (#CycloneDX en #SPDX) hervatten.
Een SBOM is als een ingrediëntenlijst voor software: essentieel voor inzicht in de keten en veiligheidsbeheer.
Waarom nu?
De onzekerheid over Europese regelgeving is weggenomen:
👉 NEN-conceptnormen sluiten aan bij de praktijk.
👉 CycloneDX en SPDX worden erkend.
👉 Geen normconflicten met de EU.Lees meer: https://www.forumstandaardisatie.nl/nieuws/toetsingsprocedure-sbom-wordt-hervat
-
Goed nieuws voor de digitale weerbaarheid van de overheid: @forumstandaardisatie zal de intake van #SBOM-standaarden (#CycloneDX en #SPDX) hervatten.
Een SBOM is als een ingrediëntenlijst voor software: essentieel voor inzicht in de keten en veiligheidsbeheer.
Waarom nu?
De onzekerheid over Europese regelgeving is weggenomen:
👉 NEN-conceptnormen sluiten aan bij de praktijk.
👉 CycloneDX en SPDX worden erkend.
👉 Geen normconflicten met de EU.Lees meer: https://www.forumstandaardisatie.nl/nieuws/toetsingsprocedure-sbom-wordt-hervat
-
Goed nieuws voor de digitale weerbaarheid van de overheid: @forumstandaardisatie zal de intake van #SBOM-standaarden (#CycloneDX en #SPDX) hervatten.
Een SBOM is als een ingrediëntenlijst voor software: essentieel voor inzicht in de keten en veiligheidsbeheer.
Waarom nu?
De onzekerheid over Europese regelgeving is weggenomen:
👉 NEN-conceptnormen sluiten aan bij de praktijk.
👉 CycloneDX en SPDX worden erkend.
👉 Geen normconflicten met de EU.Lees meer: https://www.forumstandaardisatie.nl/nieuws/toetsingsprocedure-sbom-wordt-hervat
-
Goed nieuws voor de digitale weerbaarheid van de overheid: @forumstandaardisatie zal de intake van #SBOM-standaarden (#CycloneDX en #SPDX) hervatten.
Een SBOM is als een ingrediëntenlijst voor software: essentieel voor inzicht in de keten en veiligheidsbeheer.
Waarom nu?
De onzekerheid over Europese regelgeving is weggenomen:
👉 NEN-conceptnormen sluiten aan bij de praktijk.
👉 CycloneDX en SPDX worden erkend.
👉 Geen normconflicten met de EU.Lees meer: https://www.forumstandaardisatie.nl/nieuws/toetsingsprocedure-sbom-wordt-hervat
-
New #SPDX License List has been published https://github.com/spdx/license-list-XML/releases/tag/v3.28.0
It includes 33 new licenses and many markup changes to existing licenses. Many of them were added via #Fedora contributors and fedora-license-data. -
Back from #FOSDEM and working on the new European SBOM conference in Stockholm April 10th. Send me your ideas for talks!
-
Back from #FOSDEM and working on the new European SBOM conference in Stockholm April 10th. Send me your ideas for talks!
-
Back from #FOSDEM and working on the new European SBOM conference in Stockholm April 10th. Send me your ideas for talks!
-
Back from #FOSDEM and working on the new European SBOM conference in Stockholm April 10th. Send me your ideas for talks!
-
Back from #FOSDEM and working on the new European SBOM conference in Stockholm April 10th. Send me your ideas for talks!
-
The slides for my presentation "Please sign your artefacts. WITH WHAT?" at #FOSDEM in the Security devroom are now available for viewing. A video will be coming soon.
https://fosdem.org/2026/schedule/event/RFFD3M-sign-your-artefacts/
-
The slides for my presentation "Please sign your artefacts. WITH WHAT?" at #FOSDEM in the Security devroom are now available for viewing. A video will be coming soon.
https://fosdem.org/2026/schedule/event/RFFD3M-sign-your-artefacts/
-
The slides for my presentation "Please sign your artefacts. WITH WHAT?" at #FOSDEM in the Security devroom are now available for viewing. A video will be coming soon.
https://fosdem.org/2026/schedule/event/RFFD3M-sign-your-artefacts/
-
The slides for my presentation "Please sign your artefacts. WITH WHAT?" at #FOSDEM in the Security devroom are now available for viewing. A video will be coming soon.
https://fosdem.org/2026/schedule/event/RFFD3M-sign-your-artefacts/
-
The slides for my presentation "Please sign your artefacts. WITH WHAT?" at #FOSDEM in the Security devroom are now available for viewing. A video will be coming soon.
https://fosdem.org/2026/schedule/event/RFFD3M-sign-your-artefacts/
-
At the #AboutCode SBOM tools workshop we talked about creating a way of continuing the discussions. I've just created a #SBOM-tools slack channel in the @orcwg space. Join us to discuss #SBOM tools and interoperability!
-
At the #AboutCode SBOM tools workshop we talked about creating a way of continuing the discussions. I've just created a #SBOM-tools slack channel in the @orcwg space. Join us to discuss #SBOM tools and interoperability!
-
At the #AboutCode SBOM tools workshop we talked about creating a way of continuing the discussions. I've just created a #SBOM-tools slack channel in the @orcwg space. Join us to discuss #SBOM tools and interoperability!
-
At the #AboutCode SBOM tools workshop we talked about creating a way of continuing the discussions. I've just created a #SBOM-tools slack channel in the @orcwg space. Join us to discuss #SBOM tools and interoperability!
-
At the #AboutCode SBOM tools workshop we talked about creating a way of continuing the discussions. I've just created a #SBOM-tools slack channel in the @orcwg space. Join us to discuss #SBOM tools and interoperability!
-
Finally, complete the v1 of spdxconv.
spdxconv is a program to convert existing licenses and copyrights into #SPDX identifiers or insert new ones. This program works in tandem with #reuse software.
Features:
* REUSE Integration: Detects annotations from REUSE.toml.
* Customizable Defaults: Set default license identifiers and copyright holders.
* Smart Comments: Customizable patterns to set comment syntax ...See https://git.sr.ht/~shulhan/spdxconv/ for more information.
-
PEP 770 was accepted in April of this year, what has happened since then?
* Published a white paper on PEP 770 and phantom dependencies
* Auditwheel, manylinux, and cibuildwheel adoption
* Over 300 projects already ship with PEP 770 SBOM data
* Fedora and Red Hat adopted PEP 770 for Python packagesRead more: https://sethmlarson.dev/pep-770-sbom-data-from-pypi-fedora-and-redhat
-
PEP 770 was accepted in April of this year, what has happened since then?
* Published a white paper on PEP 770 and phantom dependencies
* Auditwheel, manylinux, and cibuildwheel adoption
* Over 300 projects already ship with PEP 770 SBOM data
* Fedora and Red Hat adopted PEP 770 for Python packagesRead more: https://sethmlarson.dev/pep-770-sbom-data-from-pypi-fedora-and-redhat
-
PEP 770 was accepted in April of this year, what has happened since then?
* Published a white paper on PEP 770 and phantom dependencies
* Auditwheel, manylinux, and cibuildwheel adoption
* Over 300 projects already ship with PEP 770 SBOM data
* Fedora and Red Hat adopted PEP 770 for Python packagesRead more: https://sethmlarson.dev/pep-770-sbom-data-from-pypi-fedora-and-redhat
-
PEP 770 was accepted in April of this year, what has happened since then?
* Published a white paper on PEP 770 and phantom dependencies
* Auditwheel, manylinux, and cibuildwheel adoption
* Over 300 projects already ship with PEP 770 SBOM data
* Fedora and Red Hat adopted PEP 770 for Python packagesRead more: https://sethmlarson.dev/pep-770-sbom-data-from-pypi-fedora-and-redhat
-
PEP 770 was accepted in April of this year, what has happened since then?
* Published a white paper on PEP 770 and phantom dependencies
* Auditwheel, manylinux, and cibuildwheel adoption
* Over 300 projects already ship with PEP 770 SBOM data
* Fedora and Red Hat adopted PEP 770 for Python packagesRead more: https://sethmlarson.dev/pep-770-sbom-data-from-pypi-fedora-and-redhat
-
@herrfrankmann #SPDX #cybersecurity #csa #enisa #programming
https://spdx.github.io/spdx-spec/v3.0.1/serializations/#overview
"The data may be serialized in a variety of formats for storage and transmission."
"Canonical serialization is in JSON format"+ extra conditions.
Is it just me or is that really, really stupid.
How hard do you have to miss the point of defining a standard, when the output data needs further specification.
Needlessly too.
"No line breaks"
Your (standard) parser can't handle line breaks or what?!?
-
Naslednje #Kiberpipa srečanje bo
v četrtek, 11.12. ob 17h
v @muzej|u in sicer:• najprej bo @hook vodil delavnico o #REUSE dobrih praksah za označevanje svoje programske kode z #SPDX standardnimi oznakami za avtorstvo in licence. (bring your own code)
• nato bosta @franga2000 in [email protected] predstavila kako deluje Zakon o dostopu do javnih informacij (#ZDIJZ) v praksi.
https://dogodki.kompot.si/events/ee116191-fe3f-4b1f-89bd-3b0ff8d1f46e
več info in pofočkaj se ☝️ -
Naslednje #Kiberpipa srečanje bo
v četrtek, 11.12. ob 17h
v @muzej|u in sicer:• najprej bo @hook vodil delavnico o #REUSE dobrih praksah za označevanje svoje programske kode z #SPDX standardnimi oznakami za avtorstvo in licence. (bring your own code)
• nato bosta @franga2000 in [email protected] predstavila kako deluje Zakon o dostopu do javnih informacij (#ZDIJZ) v praksi.
https://dogodki.kompot.si/events/ee116191-fe3f-4b1f-89bd-3b0ff8d1f46e
več info in pofočkaj se ☝️ -
Naslednje #Kiberpipa srečanje bo
v četrtek, 11.12. ob 17h
v @muzej|u in sicer:• najprej bo @hook vodil delavnico o #REUSE dobrih praksah za označevanje svoje programske kode z #SPDX standardnimi oznakami za avtorstvo in licence. (bring your own code)
• nato bosta @franga2000 in [email protected] predstavila kako deluje Zakon o dostopu do javnih informacij (#ZDIJZ) v praksi.
https://dogodki.kompot.si/events/ee116191-fe3f-4b1f-89bd-3b0ff8d1f46e
več info in pofočkaj se ☝️ -
Naslednje #Kiberpipa srečanje bo
v četrtek, 11.12. ob 17h
v @muzej|u in sicer:• najprej bo @hook vodil delavnico o #REUSE dobrih praksah za označevanje svoje programske kode z #SPDX standardnimi oznakami za avtorstvo in licence. (bring your own code)
• nato bosta @franga2000 in [email protected] predstavila kako deluje Zakon o dostopu do javnih informacij (#ZDIJZ) v praksi.
https://dogodki.kompot.si/events/ee116191-fe3f-4b1f-89bd-3b0ff8d1f46e
več info in pofočkaj se ☝️ -
Naslednje #Kiberpipa srečanje bo
v četrtek, 11.12. ob 17h
v @muzej|u in sicer:• najprej bo @hook vodil delavnico o #REUSE dobrih praksah za označevanje svoje programske kode z #SPDX standardnimi oznakami za avtorstvo in licence. (bring your own code)
• nato bosta @franga2000 in [email protected] predstavila kako deluje Zakon o dostopu do javnih informacij (#ZDIJZ) v praksi.
https://dogodki.kompot.si/events/ee116191-fe3f-4b1f-89bd-3b0ff8d1f46e
več info in pofočkaj se ☝️ -
The SPDX community is now creating a new list — similar to the SPDX License List — but focused on cryptographic algorithms. This post shares how this effort started, its current status, the next steps, and a final call for participation.
http://toscalix.com/2025/10/14/introducing-the-spdx-cryptographic-algorithm-list-a-personal-view/
#spdx #sbom #cyclonedx #cryptography #algorithm #linuxfoundation
-
The SPDX community is now creating a new list — similar to the SPDX License List — but focused on cryptographic algorithms. This post shares how this effort started, its current status, the next steps, and a final call for participation.
http://toscalix.com/2025/10/14/introducing-the-spdx-cryptographic-algorithm-list-a-personal-view/
#spdx #sbom #cyclonedx #cryptography #algorithm #linuxfoundation
-
The SPDX community is now creating a new list — similar to the SPDX License List — but focused on cryptographic algorithms. This post shares how this effort started, its current status, the next steps, and a final call for participation.
http://toscalix.com/2025/10/14/introducing-the-spdx-cryptographic-algorithm-list-a-personal-view/
#spdx #sbom #cyclonedx #cryptography #algorithm #linuxfoundation
-
The SPDX community is now creating a new list — similar to the SPDX License List — but focused on cryptographic algorithms. This post shares how this effort started, its current status, the next steps, and a final call for participation.
http://toscalix.com/2025/10/14/introducing-the-spdx-cryptographic-algorithm-list-a-personal-view/
#spdx #sbom #cyclonedx #cryptography #algorithm #linuxfoundation
-
The SPDX community is now creating a new list — similar to the SPDX License List — but focused on cryptographic algorithms. This post shares how this effort started, its current status, the next steps, and a final call for participation.
http://toscalix.com/2025/10/14/introducing-the-spdx-cryptographic-algorithm-list-a-personal-view/
#spdx #sbom #cyclonedx #cryptography #algorithm #linuxfoundation
-
We have now updated our packaging tutorial to include PEP 639, which enables SPDX-compliant licensing: https://python-basics-tutorial.readthedocs.io/en/latest/packs/distribution.html#license-expression
#Python #Packaging #SPDX #Licensing -
One Open-source Project Daily
CLI tool and library for generating a Software Bill of Materials from container images and filesystems
https://github.com/anchore/syft
#1ospd #opensource #containers #cyclonedx #docker #go #golang #hacktoberfest #oci #sbom #spdx #staticanalysis #tool -
One Open-source Project Daily
CLI tool and library for generating a Software Bill of Materials from container images and filesystems
https://github.com/anchore/syft
#1ospd #opensource #containers #cyclonedx #docker #go #golang #hacktoberfest #oci #sbom #spdx #staticanalysis #tool -
One Open-source Project Daily
CLI tool and library for generating a Software Bill of Materials from container images and filesystems
https://github.com/anchore/syft
#1ospd #opensource #containers #cyclonedx #docker #go #golang #hacktoberfest #oci #sbom #spdx #staticanalysis #tool -
One Open-source Project Daily
CLI tool and library for generating a Software Bill of Materials from container images and filesystems
https://github.com/anchore/syft
#1ospd #opensource #containers #cyclonedx #docker #go #golang #hacktoberfest #oci #sbom #spdx #staticanalysis #tool -
One Open-source Project Daily
CLI tool and library for generating a Software Bill of Materials from container images and filesystems
https://github.com/anchore/syft
#1ospd #opensource #containers #cyclonedx #docker #go #golang #hacktoberfest #oci #sbom #spdx #staticanalysis #tool