#spdx — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #spdx, aggregated by home.social.
-
Good news for the government's digital resilience: @forumstandaardisatie will resume the intake of #SBOM standards (#CycloneDX and #SPDX).
An SBOM is like an ingredient list for software: essential for insight into the supply chain and for security management.
Why now?
The uncertainty about European regulation has been removed:
👉 Draft NEN standards are in line with practice.
👉 CycloneDX and SPDX are recognised.
👉 No standards conflicts with the EU.
Read more: https://www.forumstandaardisatie.nl/nieuws/toetsingsprocedure-sbom-wordt-hervat
-
New #SPDX License List has been published https://github.com/spdx/license-list-XML/releases/tag/v3.28.0
It includes 33 new licenses and many markup changes to existing licenses. Many of them were added via #Fedora contributors and fedora-license-data.
-
Back from #FOSDEM and working on the new European SBOM conference in Stockholm April 10th. Send me your ideas for talks!
-
The slides for my presentation "Please sign your artefacts. WITH WHAT?" at #FOSDEM in the Security devroom are now available for viewing. A video will be coming soon.
https://fosdem.org/2026/schedule/event/RFFD3M-sign-your-artefacts/
-
At the #AboutCode SBOM tools workshop we talked about creating a way of continuing the discussions. I've just created a #SBOM-tools slack channel in the @orcwg space. Join us to discuss #SBOM tools and interoperability!
-
Finally, completed the v1 of spdxconv.
spdxconv is a program to convert existing licenses and copyrights into #SPDX identifiers or insert new ones. This program works in tandem with #reuse software.
Features:
* REUSE Integration: Detects annotations from REUSE.toml.
* Customizable Defaults: Set default license identifiers and copyright holders.
* Smart Comments: Customizable patterns to set comment syntax ...
See https://git.sr.ht/~shulhan/spdxconv/ for more information.
-
PEP 770 was accepted in April of this year, what has happened since then?
* Published a white paper on PEP 770 and phantom dependencies
* Auditwheel, manylinux, and cibuildwheel adoption
* Over 300 projects already ship with PEP 770 SBOM data
* Fedora and Red Hat adopted PEP 770 for Python packages
Read more: https://sethmlarson.dev/pep-770-sbom-data-from-pypi-fedora-and-redhat
-
@herrfrankmann #SPDX #cybersecurity #csa #enisa #programming
https://spdx.github.io/spdx-spec/v3.0.1/serializations/#overview
"The data may be serialized in a variety of formats for storage and transmission."
"Canonical serialization is in JSON format" + extra conditions.
Is it just me or is that really, really stupid.
How hard do you have to miss the point of defining a standard, when the output data needs further specification.
Needlessly too.
"No line breaks"
Your (standard) parser can't handle line breaks or what?!?
-
The next #Kiberpipa meetup will be
on Thursday, 11.12. at 17h
at @muzej, with the following programme:
• first, @hook will lead a workshop on #REUSE best practices for marking your own source code with standard #SPDX tags for authorship and licences. (bring your own code)
• then @franga2000 and [email protected] will present how the Access to Public Information Act (#ZDIJZ) works in practice.
https://dogodki.kompot.si/events/ee116191-fe3f-4b1f-89bd-3b0ff8d1f46e
more info and sign up ☝️
-
The SPDX community is now creating a new list — similar to the SPDX License List — but focused on cryptographic algorithms. This post shares how this effort started, its current status, the next steps, and a final call for participation.
http://toscalix.com/2025/10/14/introducing-the-spdx-cryptographic-algorithm-list-a-personal-view/
#spdx #sbom #cyclonedx #cryptography #algorithm #linuxfoundation
-
We have now updated our packaging tutorial to include PEP 639, which enables SPDX-compliant licensing: https://python-basics-tutorial.readthedocs.io/en/latest/packs/distribution.html#license-expression
#Python #Packaging #SPDX #Licensing
-
One Open-source Project Daily
CLI tool and library for generating a Software Bill of Materials from container images and filesystems
https://github.com/anchore/syft
#1ospd #opensource #containers #cyclonedx #docker #go #golang #hacktoberfest #oci #sbom #spdx #staticanalysis #tool
-
New #SPDX license list has been released https://github.com/spdx/license-list-XML/releases/tag/v3.27.0 As usual, many of them were added thanks to the #Fedora license review process — many thanks to all participants.
-
Today I found a tool for checking open source licenses 🔥
📜 **feluda** — Detect license usage restrictions in your project.
💯 Supports Rust, TS, JS, Go, Python & more!
🦀 Written in Rust & built with @ratatui_rs
⭐ GitHub: https://github.com/anistark/feluda
#rustlang #ratatui #tui #license #spdx #opensource #checking #terminal #commandline
-
It was a busy week in the Syft ecosystem! We merged fixes for #SPDX package filtering, resolved some tricky upstream package issues, and improved how we handle database errors. All to give you a more reliable SBOM. 💪 https://anchorecommunity.discourse.group/t/anchore-open-source-weekly-report-week-24-2025/457
#SBOM #OpenSource #BugFix
-
The OWASP Transparency Exchange API has published our first BETA release for implementors to start implementing the consumer API including the discovery. Get all the docs including the #openapi specification here: github.com/CycloneDX/tr... #OWASP #TEA #SBOM #CYCLONEDX #SPDX
Release 0.1.0-beta.1 · Cyclone...
-
"The Microsoft #opensource #SBOM Tool now supports hashtag #SPDX 3.0!"
https://www.linkedin.com/posts/adriandiglio_github-microsoftsbom-tool-the-sbom-tool-activity-7328078596596469760-za87 #cybersecurity
-
The #LinuxFoundation will mentor 21 contributors in the Google Summer of Code 2025!! #GSoC
Despite having lined up many more proposals than last year we got the same amount of slots.
11 for #OpenPrinting, 3 for #AGL (Automotive Grade Linux), 2 for each of #SPDX and #IIO (Industrial I/O), and 1 for each of #SOF (Sound Open Firmware), #Zephyr, and #KWorkflow.
See Google's announcements of the projects:
https://summerofcode.withgoogle.com/programs/2025/organizations/the-linux-foundation
-
Snow on the SO5CW webcam this morning! 425 QSOs in the #SPDX #Contest so far. Come join the contest: https://spdxcontest.pzk.org.pl/2025/ #hamradio
-
The #LinuxFoundation is accepted as mentoring organization in the Google Summer of Code #GSoC #GSoC2025!
Amazing project ideas are waiting for awesome contributors: From #OpenPrinting, #Zephyr, Automotive Grade Linux #AGL, Industrial I/O #IIO, Sound Open Firmware #SOF, #SPDX, Automating Linux kernel workflows #kworkflow
https://summerofcode.withgoogle.com/programs/2025-ao/organizations/the-linux-foundation
Project ideas and how to apply:
https://wiki.linuxfoundation.org/gsoc/google-summer-code-2025
If interested to be a contributor or mentor contact us ASAP! Do not wait for the deadline.