Skip to content

Releases: OpenChain-Project/Telco-WG

OpenChain Telco SBOM Guide Version 1.1

25 Mar 15:52
@vargenau vargenau
v1.1
e92d083
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
OpenChain Telco SBOM Guide Version 1.1 Latest
Latest

This is a minor release of the Guide.

The following updates of the Guide have been made in version 1.1.

  • Both PackageChecksum and PackageVerificationCode are allowed as package hash.
  • The package hash is RECOMMENDED instead of MANDATORY.
  • ExternalRef is RECOMMENDED instead of MANDATORY.
  • FilesAnalyzed is no longer MANDATORY.
  • Examples are provided for the CISA SBOM Types.
  • A RECOMMENDED syntax is given for CISA SBOM Types.
  • sbomasm is a better example of SBOM merge tool.
  • Add reference to new CISA document.

An SBOM that conforms to version 1.0 of the Guide will also conform to version 1.1 of the Guide. The reverse is not true.

Assets 2
Loading

OpenChain Telco SBOM Guide Version 1.0

22 May 13:21
@vargenau vargenau
v1.0
7f28413
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
OpenChain Telco SBOM Guide Version 1.0

OpenChain Telco SBOM Guide Version 1.0

Loading