SBOM working groups
CycloneDX
To get in touch with the CycloneDX community you best join the CycloneDX Slack. Further information and invitation link is provided on the CycloneDX participate page.
SPDX
SPDX published their open workstreams in the following Github repository
General meeting First Thursday of the month @11am ET
- Description: General call with general updates, updates from each Team, and sometimes guest speakers (e.g., talks on how people are using SPDX, GSoC student presentations, etc.)
- Jitsi meeting
- Meeting minutes and agendas
Tech Team meetings Thursday @12am ET
- Descriptions: Regular meeting to work on drafting new versions of the SPDX specification and to discuss technical documentation and official SPDX libraries.
- Jitsi meeting
- Meeting minutes and agendas
Legal Team meetings Every other Thursday @12am ET
- Descriptions: Regular meeting to discuss submissions to SPDX License List, other license list related work, license-related aspects of the SPDX specification, and other related projects.
- .ics files for invites: second Thursdays, fourth Thursdays
- Meeting minutes and agendas
Outreach Team meetings Monday @10am ET
- Descriptions: Regular meeting to coordinate public relations efforts and discuss current projects.
- Jitsi meeting
- Meeting minutes and agendas
Sub-groups for specific topics
Security Profile group meetings Wednesdays @2pm ET
- Description: Regular meeting to discuss representation of software vulnerability metadata in the SPDX specification including vulnerability identifiers, status, mitigations and remediations.
- Jitsi meeting
- Meeting minutes and agendas
Implementers group meetings Wednesdays @11am ET
- Description: Regular meeting for tool creators implementing the SPDX specification to meet and compare notes
- Jitsi meeting
- Meeting minutes and agendas
AI and Data Profiles group meetings Wednesdays @3pm ET
- Description: Regular meeting to discuss how the SPDX specification can better support and track artificial intelligence and machine learning use-cases.
- Jitsi meeting
- Meeting minutes and agendas
Functional Safety Profile group meetings Friday @12am ET
- Description: Regular meeting to discuss how the SPDX specification can better support and track functional safety plans.
- Jitsi meeting
- Meeting minutes and agendas
Serialisation Focus Group meetings Thursday @11am ET
- Description: Regular meeting to discuss the serialisation formats for SPDX, enumerating the use cases for serialisation and determining stakeholder preferences.
- Jitsi meeting
Software as a Service Profile group meetings Every other Monday @1pm ET
- Description: Regular meeting to discuss how the SPDX specification can better support and track SAAS use cases.
- Jitsi meeting
Hardware Profile group meetings Friday @9am ET
- Description: Regular meeting to discuss how the SPDX specification can extend to support firmware, FPGAs, Open Hardware Boards, SOCs, IP blocks, Cores in physical and virtual environments.
- Jitsi meeting
- Meeting minutes and agendas
Operations group meetings Friday @9:30am ET
- Descriptions: Regular meeting focused on the additional information that an organization may wish to associate with a package, for effective management of these artifacts within business operations.
- Jitsi meeting
- Meeting minutes and agendas
CISA
CISA hosts several working groups that meet on a weekly basis. The original meeting notes can be found here. Reach out to SBOM@cisa.dhs.gov to get an invite or further information.
- CISA SBOM Events Calendar A calendar for all SBOM related workstreams and upcoming events.
SBOM Community Central Meeting Monday @11am ET
VEX sub-group Monday @10am ET
SBOM adoption work stream Tuesday @12pm ET
SBOM tooling work stream Thursday @3pm ET
OpenSSF (SBOM everywhere) Every other Tuesday @11am ET
The SBOM Everywhere Special Interest Group came from OpenSSF’s Open Source Software Security Mobilization Plan. The SBOM Everywhere SIG focuses on improving SBOM tooling and training to drive adoption. It's also running this site. Further information in the about us section.
Anchore OSS Community Meeting Every other Thursday @11am ET
Anchore is hosting a community meeting for their open source projects Syft and Grype.