Replies: 5 comments
-
Now that KubeCon is over, we can see that Software Bill of Materials (SBOM) has been a relatively hot topic. On September 9, SPDX became an ISO standard, and has seen widespread adoption. While we should not necessarily spend time on adding it to all existing files, we should have an updated template for newly created files including it.
-
CN-WAN operator done: CloudNativeSDWAN/cnwan-operator#70
-
CN-WAN reader done: CloudNativeSDWAN/cnwan-reader#40
-
CN-WAN adaptor done: CloudNativeSDWAN/cnwan-adaptor@b36a794
-
CN-WAN automation done: CloudNativeSDWAN/cnwan-automation@5e5b3c4
-
SPDX (Software Package Data Exchange) is "an open standard for communicating software bill of material information, including components, licenses, copyrights, and security references. SPDX reduces redundant work by providing a common format for companies and communities to share important data, thereby streamlining and improving compliance."
Some open source software includes the SPDX license identifier in the copyright header. The main benefit is for automatic license scanning software to identify the license with 100% certainty for compliance. It doesn't cost much (just adding it to the file header template) but it may be handy later...
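An added example, not part of the original discussion or the CN-WAN repositories: a minimal header scanner showing how a tool can read the `SPDX-License-Identifier` tag described above and flag files that lack it. The function names, the 15-line header window and the file suffixes are assumptions, and the sample files are constructed.

```python
import re
import tempfile
from pathlib import Path

# Tag format defined by SPDX: "SPDX-License-Identifier: <license expression>"
TAG = re.compile(r"SPDX-License-Identifier:\s*(?P<expr>[^\r\n]+)")
OPERATORS = {"AND", "OR", "WITH"}
HEADER_LINES = 15  # assumption: the tag sits in the first lines of the file

def parse_expression(raw):
    """Return the identifiers (licenses and exceptions) named in an expression."""
    # Strip comment closers such as "*/" or "-->" left on the same line.
    cleaned = re.sub(r"(\*/|-->)\s*$", "", raw.strip()).strip()
    tokens = re.findall(r"[A-Za-z0-9.+-]+", cleaned)
    return [t for t in tokens if t not in OPERATORS]

def scan_file(path):
    """Return identifiers from the header tag, or None when no tag is present."""
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        for _, line in zip(range(HEADER_LINES), fh):
            m = TAG.search(line)
            if m:
                return parse_expression(m.group("expr"))
    return None

def scan_tree(root, suffixes=(".go", ".py", ".sh", ".yaml")):
    """Map each source file under root to its identifiers (None = missing tag)."""
    root = Path(root)
    return {
        str(p.relative_to(root)): scan_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file() and p.suffix in suffixes
    }

def demo():
    """Scan a constructed tree: two tagged files and one without a tag."""
    samples = {
        "main.go": "// Copyright (c) Example Authors\n// SPDX-License-Identifier: Apache-2.0\npackage main\n",
        "tool.py": "# SPDX-License-Identifier: (MIT OR Apache-2.0)\nprint('x')\n",
        "legacy.sh": "#!/bin/sh\necho no header\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in samples.items():
            Path(tmp, name).write_text(body, encoding="utf-8")
        return scan_tree(tmp)

if __name__ == "__main__":
    for name, ids in demo().items():
        print(f"{name}: {'MISSING' if ids is None else ', '.join(ids)}")
```

Files reported as `MISSING` are the ones a new-file template with the SPDX line would cover going forward.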