docs(guide): 2026 Corporate Open Source Management Guide improvements (round 1) #253
Merged
haksungjang merged 5 commits into master on Mar 25, 2026
Previous content incorrectly described the Python `osv-db` library. Replaced with correct description of Google's Go-based OSV-SCALIBR CLI tool, including installation, basic usage, and CI/CD integration examples. Also add TODO.md for tracking 2026 guide improvement tasks. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The link to the policy template's section 5 had a double-hash (##) which is invalid as an HTML anchor fragment identifier. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Replaced hardcoded absolute URLs pointing to the archived governance_iso5230 appendix with relative links to the new tools/ section pages.
- FOSSology: → ../../tools/1-fossology/
- SW360 (×2): → ../../tools/2-sw360/
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…ments
Policy template (1-policy):
- §4.3: add compliance artifact archive period (min 3y, ISO 5230 §3.4.1.2)
- §4.4: add SPDX/CycloneDX format adoption declaration (ISO 18974 §3.3.1.2)
- §5.1: add CVSS-based remediation deadline (Critical 1w/High 4w, ISO 18974 §3.3.2.1)
- §5.1: add vulnerability record retention period (min 3y, ISO 18974 §3.3.2.2)
- §9.3: add external inquiry record retention period (min 3y, ISO 18974 §3.2.1.2)
Process template (2-process-template):
- (6) Registration: add SBOM format validation before registration
- (9) Distribution: add SBOM customer delivery procedure
- (11) Monitoring: add SBOM update triggers
- §(6) Vulnerability records: add 3-year retention requirement
Navigation:
- 3-process: add link to process template at end of page
- 4-tool: add FOSSLight tools/ link
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- tools/5-cdxgen: OWASP CycloneDX generator (20+ ecosystems, CI/CD integration)
- tools/6-syft: Anchore SBOM generator (SPDX/CycloneDX, Grype integration)
- tools/7-dependency-track: OWASP continuous SBOM monitoring platform
All pages follow the established tools/ page structure with: introduction, key features, installation, basic usage, CI/CD examples, references.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Overview
Improves the corporate open source management guide as of 2026.
It is based on two standards: ISO/IEC 5230 (open source compliance) and ISO/IEC 18974 (security assurance).
Changes
Bug fixes (4 items)
- 2-policy L135: fix anchor typo (## → #)
- 4-tool: replace old FOSSology link with the new one
- 4-tool: replace old SW360 link with the new one
Policy template additions: add missing ISO declarations (5 items)
Process template additions: add SBOM procedures (3 items)
Internal link fixes (2 items)
- 3-process: add link to 2-process-template at the end
- 4-tool: add FOSSLight tools/ link
New tool pages (3 items)
- tools/5-cdxgen/_index.md: cdxgen SBOM generation tool
- tools/6-syft/_index.md: Syft SBOM generation tool
- tools/7-dependency-track/_index.md: Dependency-Track SBOM management platform
Build verification
TODO (follow-up work)
- content/en/guide/: sync the English version (separate PR planned)
🤖 Generated with Claude Code
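As an added illustration (not code from this PR or the guide), the two template rules above can be turned into a small pre-registration check: the process template's step (6) SBOM format validation and the policy template's §5.1 CVSS-based remediation deadlines (Critical 1 week, High 4 weeks). The Medium/Low windows, the field-level SBOM checks and the sample documents are assumptions constructed for this example.

```python
"""Policy checks from the PR's templates (added example, not project code):
SBOM format identification before registration (process template step (6))
and CVSS-based remediation deadlines (policy §5.1: Critical 1w / High 4w)."""
from datetime import date, timedelta

# Policy §5.1 gives only the Critical and High windows; the Medium and Low
# windows below are assumptions for illustration, not from the PR.
REMEDIATION_DAYS = {"CRITICAL": 7, "HIGH": 28, "MEDIUM": 90, "LOW": 180}


def cvss_severity(score: float) -> str:
    """Map a CVSS v3.x base score to its qualitative rating."""
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS score out of range: {score}")
    if score >= 9.0:
        return "CRITICAL"
    if score >= 7.0:
        return "HIGH"
    if score >= 4.0:
        return "MEDIUM"
    if score > 0.0:
        return "LOW"
    return "NONE"


def remediation_deadline(score: float, found_on: date):
    """Date by which a finding must be remediated under policy §5.1 (None if no severity)."""
    severity = cvss_severity(score)
    if severity == "NONE":
        return None
    return found_on + timedelta(days=REMEDIATION_DAYS[severity])


def sbom_format(doc: dict) -> str:
    """Identify the SBOM format before registration (process template step (6)).

    Accepts CycloneDX JSON (bomFormat/specVersion) or SPDX JSON (spdxVersion);
    the field checks are a minimal assumption, not a full schema validation.
    """
    if doc.get("bomFormat") == "CycloneDX" and "specVersion" in doc:
        return f"CycloneDX {doc['specVersion']}"
    if str(doc.get("spdxVersion", "")).startswith("SPDX-"):
        return doc["spdxVersion"]
    raise ValueError("not a recognised SPDX or CycloneDX document; refuse registration")


# Constructed sample documents for the check (not real SBOMs).
SAMPLE_CDX = {"bomFormat": "CycloneDX", "specVersion": "1.5", "components": []}
SAMPLE_SPDX = {"spdxVersion": "SPDX-2.3", "packages": []}
```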