Greetings Committers.
During this week's (online) office hours, I'd like to spend a few minutes updating you on our status with regard to the creation of SBOMs, and ask for your help.
The short version is that generating SBOMs directly as part of your build, and (at least in the case of Maven) sharing them to the software repository is relatively straightforward. To really leverage the the tools to generate SBOMs, however, we need your help to tighten up the metadata captured in your build scripts (e.g., capture license information as SPDX expressions in your pom.xml file) and update your builds to generate the SBOMs. We've started capturing information
here. Merge requests, issues, and comments welcome.
Date: October 12, 2023
Time: 1330h UTC
See you then!
While I have your attention... I'm looking forward to meeting with those
of you who are attending EclipseCon next week in Ludwigsburg. The EMO
will have a booth set up near the registration area when you can come
and chat with the project, security, and IT teams. If you have
questions, please bring them to us at the booth (or feel free to
intercept us anywhere in the conference venue).
Our office hours calendar, along with links to recordings is available
here.
Wayne
-- Wayne Beaton
Director of Open Source Projects | Eclipse Foundation
My working day may not be your working day! Please don’t feel obliged to read or reply to this e-mail outside of your normal working hours.