This is an ongoing discussion in the UEFI SBOM sub-team working group and we are aware of this PR. If you want feedback from that team, you can send email to usbt@uefi.org .

 

Dick

SBOM WG Vice-Chair

 

From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Leif Lindholm via groups.io
Sent: Thursday, December 12, 2024 6:33 AM
To: devel@edk2.groups.io; discuss@edk2.groups.io
Cc: Richard Hughes <richard@hughsie.com>; Kinney, Michael D <michael.d.kinney@intel.com>; Andrew Fish <afish@apple.com>
Subject: [edk2-devel] SBOM template for edk2

 

[Caution, this message was sent from an external sender.]

 

Hi all,

Richard submitted a PR to add an SBOM .cdx.json template to the main repository:
https://github.com/tianocore/edk2/pull/6455

This is a good thing, but I think we could do with some feedback from
some of our
downstream consumers.

I know there has been work ongoing inside UEFI forum around SBOM for
UEFI firmware,
and it might be useful for some of the people that have been more
involved there to pitch
in. Mike, do you know some appropriate people to ping?

/
Leif


_._,_._,_
Groups.io Links:

You receive all messages sent to this group.

View/Reply Online (#120899) | | Mute This Topic | New Topic
Your Subscription | Contact Group Owner | Unsubscribe [rebecca@openfw.io]

_._,_._,_