
OpenChain Telco SBOM Guide Version 1.1

@vargenau vargenau released this 25 Mar 15:52
· 164 commits to main since this release
e92d083

This is a minor release of the Guide.

The following updates to the Guide have been made in version 1.1.

  • Both PackageChecksum and PackageVerificationCode are allowed as package hash.
  • The package hash is RECOMMENDED instead of MANDATORY.
  • ExternalRef is RECOMMENDED instead of MANDATORY.
  • FilesAnalyzed is no longer MANDATORY.
  • Examples are provided for the CISA SBOM Types.
  • A RECOMMENDED syntax is given for CISA SBOM Types.
  • sbomasm is a better example of an SBOM merge tool.
  • A reference to the new CISA document is added.

An SBOM that conforms to version 1.0 of the Guide will also conform to version 1.1 of the Guide. The reverse is not true.