This repository hosts copies of various documents drafted collaboratively by the CISA SBOM Community and related efforts. This repository is intentionally incomplete until some organizational decisions are made.
The maintainers acknowledge and thank CISA, NTIA, and the many volunteer contributors to this body of work on SBOM and related topics. Document summaries are largely adapted from CISA and NTIA sources.
These documents were developed collaboratively by the CISA SBOM Community and are hosted in the CISA SBOM Resources Library.
September 2024 [original] [local]
Further defines and clarifies SBOM Attributes from the Second Edition, offering descriptions of the minimum expected, recommended practices, and aspirational goal for each Attribute.
October 2021 [original] [local]
A detailed foundation of SBOM that defines SBOM concepts and related terms, offers an updated baseline of how software components are to be represented, and discusses the processes around SBOM creation.
2019 [original] [local]
To better understand how VEX is being used or considered for use today, the VEX Working Group solicited and reviewed current VEX practices.
These documents were developed collaboratively through the NTIA Multistakeholder Process on Software Component Transparency and are hosted on the NTIA Software Bill of Materials page.
November 2020 [original] [local]
Outlines detailed information, benefits, and commonly asked questions.