Snow on the SO5CW webcam this morning! 425 QSOs in the #SPDX #Contest so far. Come join the contest: https://spdxcontest.pzk.org.pl/2025/ #hamradio

How do #SBOMs fit into #AI, hardware, and critical infrastructure?
SBOMs transformed from static documents to dynamic, database-driven knowledge systems that can scale with today's complex software ecosystems. This session will provide a forward-looking perspective on where SBOM technology is heading, focusing on recent developments in SPDX 3.0 and upcoming features in SPDX 3.1.
Kate Stewart (#SPDX) and Alan Pope (Anchore) discuss the expanding role of SBOMs in modern ... https://get.anchore.com/future-of-sboms-with-kate-stewart/

#SPDX 3.0 and the Future of #SBOMs—What's Next? Kate Stewart, a leading force behind SPDX, and Alan Pope of Anchore discuss the latest advancements in SBOMs, regulatory shifts, and integration strategies. Live on March 24 at 10 AM PT. Secure your spot: https://get.anchore.com/future-of-sboms-with-kate-stewart/ https://get.anchore.com/future-of-sboms-with-kate-stewart/

#SBOMs are evolving—are you ready? Join Kate Stewart (#SPDX) and Alan Pope (Anchore) on March 24 at 10 AM PT as they explore the next phase of SBOM adoption, including SPDX 3.0/3.1, AI/ML applications, and deeper CI/CD integration. Register now: https://get.anchore.com/future-of-sboms-with-kate-stewart/

... Und schon wieder eine Idee für einen Artikel für die #heimatseite im #zwischennetz. Dieses Mal #java, #sbom, #spdx #apacheant , #apacheivy und #maven ...

SBOMs are more than an inventory—they're a critical tool for securing modern software development. Our latest guide breaks down @SBOM fundamentals, key standards like #SPDX and #CycloneDX, and real-world use cases for security, compliance, and DevSecOps. Download now https://get.anchore.com/sbom101-guide-for-devsecops-community/

The #LinuxFoundation is accepted as mentoring organization in the Google Summer of Code #GSoC #GSoC2025!

Amazing project ideas are waiting for awesome contributors: From #OpenPrinting, #Zephyr, Automotive Grade Linux #AGL, Industrial I/O #IIO, Sound Open Firmware #SOF, #SPDX, Automating Linux kernel workflows #kworkflow

https://summerofcode.withgoogle.com/programs/2025-ao/organizations/the-linux-foundation

Project ideas and how to apply:
https://wiki.linuxfoundation.org/gsoc/google-summer-code-2025

If interested to be a contributor or mentor contact us ASAP! Do not wait for the deadline.

New in Syft v1.20.0: Bitnami embedded #SBOM support for maximum accuracy + smarter license detection that preserves original text even when #SPDX matching fails. Get the most accurate SBOMs possible! #CyberSecurity
https://anchore.com/blog/syft-1-20-faster-scans-smarter-license-detection-and-enhanced-bitnami-support/

Want to parse/validate open source licenses in Rust? Check this out.

**spdx**: Helper crate for SPDX expressions.

Docs: https://docs.rs/spdx

GitHub: https://github.com/EmbarkStudios/spdx

I’ve just seen that pip now supports License-Expression in pip show: https://pip.pypa.io/en/stable/news/#features
#pip #spdx #Python #Licensing

pip can now show SPDX license expressions

https://ichard26.github.io/blog/2025/01/whats-new-in-pip-25.0/#pep-639-spdx-license-expressions

All the pieces (I use) are now in place for PEP 639 ("Improving License Clarity with Better Package Metadata"). Thanks to contributors and maintainers of at least 6 projects and of course Karolina Surma for the PEP! discuss.python.org/t/pep-639-ro... #Python #PEP639 #PyPI #SPDX #licensing

All the pieces (that I use) are now in place for PEP 639 ("Improving License Clarity with Better Package Metadata")!

I made sure to use latest Hatchling 1.27, added `license-files = [ "LICENSE" ]`, and deleted the deprecated licence Trove classifier.

Thanks to contributors and maintainers of PyPI, packaging, Hatchling, Twine, PyPI publish GitHub Action, build-and-inspect-python-package and of course @karo for the PEP+spec!

https://discuss.python.org/t/pep-639-round-3-improving-license-clarity-with-better-package-metadata/53020/172

T-1 hour for our 2nd webinar in our #SBOM series: Understanding SBOMs: Deep Dive with Kate Stewart. Join us to learn about #SPDX format, SBOMs for license compliance and how #OSS #LLMs impact SBOM generation and analysis. Sign up https://get.anchore.com/deep-dive-with-kate-stewart/

TOMORROW Join our live #webinar with Kate Stewart with crucial insights into #SBOMs and their evolving role in modern #software #development. Learn about #SPDX and so much more. Save your seat https://get.anchore.com/deep-dive-with-kate-stewart/

After our first webinar introduction on #SBOM basics, we are continuing our educational series with a deeper dive "Understanding SBOMs: Deep Dive with Kate Stewart". Topics include:
- History of SBOM and the development of #SPDX
- Are SBOMs only for #license #compliance?
- What role do SBOMs play when building systems with safety-critical considerations
- How emerging tech like #OSS #LLMs can impact SBOM generation and analysis?

Register Now https://get.anchore.com/deep-dive-with-kate-stewart/

WEBINAR ALERT We're excited to invite you to an exclusive #SBOM #webinar featuring Kate Stewart, co-founder of #SPDX and a leading authority in #software #supplychain #security. Save your seat https://get.anchore.com/deep-dive-with-kate-stewart/

Kick off 2025 right! Join our weekly #SBOM webinar series starting Jan 14. Learn from experts like Kate Stewart (#SPDX) & Steve Springett (#CycloneDX) and master the art of securing your software supply chain.

Read the blog post to get a sneak peek. https://anchore.com/blog/all-things-sbom-in-2025-a-weekly-webinar-series/