The SBOM landscape is growing at a rapid pace. This is an incomplete list of SBOM and supply chain projects and how to find their respective communities.

If you would like to contribute to this list, please open an issue or pull request at https://github.com/fkautz/zt.dev

Requirements / Policy Working Groups

NTIA SBOM Resource Page

Website: https://ntia.gov/SBOM
Contact: Allan.Friedman 👋 cisa.dhs.gov

SBOM Formats

CycloneDX

Website: https://cyclonedx.org
Participate: https://cyclonedx.org/about/participate/

SPDX

Website: https://spdx.dev
Participate: https://spdx.dev/participate/
ISO Standard: ISO/IEC 5962:2021 https://www.iso.org/standard/81870.html

GitBOM

Website: https://hackmd.io/@aeva/draft-gitbom-spec
Participate: OpenSSF Slack #gitbom

CNCF

in-toto

Website: https://in-toto.io/news/
Participate: https://github.com/in-toto/in-toto/

SigStore

Website: https://www.sigstore.dev
Participate: https://www.sigstore.dev/community

SPIFFE

Website: https://spiffe.io
Participate: https://github.com/spiffe

OpenSSF

SLSA

Website: https://slsa.dev/
Participate: https://slsa.dev/getinvolved

TALKS to be listed soon