另一个 BOM 标准：CycloneDX

[will-ww]

OWASP CycloneDX is a lightweight Software Bill of Materials (SBOM) standard designed for use in application security contexts and supply chain component analysis.

参考资料：

• https://www.settletop.com/insights/understanding-sbom-standards-cyclonedx-spdx-swid
• https://qunkong.com.cn/39588/%E4%BD%BF%E7%94%A8%E8%BD%AF%E4%BB%B6%E7%89%A9%E6%96%99%E6%B8%85%E5%8D%95%E6%8E%A8%E5%8A%A8%E5%8F%98%E6%9B%B4%E5%B9%B6%E9%99%8D%E4%BD%8E%E9%A3%8E%E9%99%A9/
• https://best.practices.cloud/2021/06/03/CNCF-supply-chain-security.html
• https://zhuanlan.zhihu.com/p/404951634

[wangleo61]

CycloneDX这个标准也是和SPDX越来越被很多组织认可哈 Leo 发件人: Will ***@***.***> 发送时间: Tuesday, May 10, 2022 10:01 AM 收件人: ***@***.***> 抄送: ***@***.***> 主题: [kaiyuanshe/ONES] 另一个 BOM 标准：CycloneDX (Discussion #83) OWASP CycloneDX is a lightweight Software Bill of Materials (SBOM) standard designed for use in application security contexts and supply chain component analysis. 参考资料： * https://www.settletop.com/insights/understanding-sbom-standards-cyclonedx-spdx-swid * https://qunkong.com.cn/39588/%E4%BD%BF%E7%94%A8%E8%BD%AF%E4%BB%B6%E7%89%A9%E6%96%99%E6%B8%85%E5%8D%95%E6%8E%A8%E5%8A%A8%E5%8F%98%E6%9B%B4%E5%B9%B6%E9%99%8D%E4%BD%8E%E9%A3%8E%E9%99%A9/ * https://best.practices.cloud/2021/06/03/CNCF-supply-chain-security.html * https://zhuanlan.zhihu.com/p/404951634 ― Reply to this email directly, view it on GitHub<#83>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AO5RA34R5F3JGPILIO5BWBTVJG7QRANCNFSM5VQAVALQ>. You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>