Background
In the last year and a half the OpenChain Project has developed, published and seen adoption around the OpenChain Telco SBOM Guide. It helps define what is needed for a quality SBOM in practical supply chain use.
We just released Version 1.1 of the Guide, and you can learn more about that in our launch announcement:
Automation
The guide is supported by automation to make things more scalable. This matters for saving time, saving money and enabling sustainability. We started the automation journey around SBOM quality management with a validator for the OpenChain Telco SBOM Guide contributed by Nokia:
Expanded Automation Support – SCANOSS
This week SCANOSS announced their automation support for the OpenChain Telco SBOM Guide, the first commercial tooling provider formally aligning with our work on SBOM quality. You can get all the details on the SCANOSS blog post dedicated to this development.
“The OpenChain Telco SBOM Guide does a remarkable job in providing to the industry a shared direction,” said Julian Coccia, CTO at SCANOSS. “It represents an outstanding complement to the OpenChain 2.1, ISO/IEC 5230:2020 that provides a simple, clear and effective process management standard for open source license compliance. By integrating support to the schema described in this Guide directly into our tools, SCANOSS makes it easy for organizations to adopt these guidelines efficiently.”
Community Credits
Huge credit to Marc-Etienne Vargenau for his steady hand in chairing the OpenChain Telco Work Group, and to Jimmy Ahlberg of Ericsson for kicking off that work group, and his continued work as the Chair of the OpenChain Project Governing Board. Special thanks to all of our wonderful community, especially the contributors inside the OpenChain Telco Work Group who made this happen.
Naturally we also want to extend our thanks to Julian and the rest of the SCANOSS team for their adoption and support of the OpenChain Telco SBOM Guide.
