gsoc:2025-gsoc-spdx [2025/02/11 22:31] till created |
gsoc:2025-gsoc-spdx [2025/03/07 22:50] (current) till |
Line 1: | Line 1: | ||
======Google Summer of Code 2025: SPDX projects====== | ======Google Summer of Code 2025: SPDX projects====== | ||
- | == What is SPDX ? == | + | [[:gsoc:google-summer-code-2025|Main GSoC Linux Foundation page: How to apply, deadlines, other workgroups, ...]] |
- | First and foremost we are a community dedicated to solving the issues and problems around compliance and risk management. This is accomplished through the development and support of an open standard capable of representing systems with software components as in SBOMs (Software Bill of Materials) and other AI, data and security references. | + | === Contact === |
+ | **Important:** We protect the e-mail addresses of our mentors and mailing | ||
+ | lists against spam bots. Please replace all occurrences of " at " and " dot | ||
+ | " by "@" and "." resp. | ||
- | The SPDX work group (part of the Linux Foundation) consists of individuals, community members, and representatives from companies, foundations and organizations who use or are considering using the SPDX standard. The work group operates much like a meritocratic, consensus-based community project; that is, anyone with an interest in the project can join the community, contribute to the specification, and participate in the decision-making process. We come from many different backgrounds including open source developers, lawyers, consultants and business professionals, many of whom have been involved with AI, software security, license compliance and identification for years. | + | * [[https://lists.spdx.org/mailman/listinfo/spdx-tech|SPDX tech mailing |
+ | list]] | ||
+ | * [[https://github.com/spdx|GitHub repositories containing the | ||
+ | specification and a variety of open source tools]] | ||
- | == Why choose an SPDX Project? == | ||
- | Contributing to one of the SPDX projects below will provide a valuable contribution to developers and/or users of open source software. We believe you will find the projects both technically challenging and rewarding. In essence we believe you will be able to look back one day and I say I was part of that effort. | + | === What is SPDX ? === |
- | <br/> | + | First and foremost we are a community dedicated to solving the issues and |
+ | problems around compliance and risk management. This is accomplished | ||
+ | through the development and support of an open standard capable of | ||
+ | representing systems with software components as in SBOMs (Software Bill of | ||
+ | Materials) and other AI, data and security references. | ||
- | = Getting Involved = | + | The SPDX work group (part of the Linux Foundation) consists of individuals, |
+ | community members, and representatives from companies, foundations and | ||
+ | organizations who use or are considering using the SPDX standard. The work | ||
+ | group operates much like a meritocratic, consensus-based community project; | ||
+ | that is, anyone with an interest in the project can join the community, | ||
+ | contribute to the specification, and participate in the decision-making | ||
+ | process. We come from many different backgrounds including open source | ||
+ | developers, lawyers, consultants and business professionals, many of whom | ||
+ | have been involved with AI, software security, license compliance and | ||
+ | identification for years. | ||
- | Beyond working with your mentor(s) we highly encourage students who select one of these projects to get involved with the SPDX community via our technical working group. Interaction with the technical team is primarily done via its mailing list and on gitter (see resources). There is however a weekly call you could join as well. | + | === Why choose an SPDX Project? === |
- | == Resources == | + | Contributing to one of the SPDX projects below will provide a valuable |
+ | contribution to developers and/or users of open source software. We believe | ||
+ | you will find the projects both technically challenging and rewarding. In | ||
+ | essence we believe you will be able to look back one day and I say I was | ||
+ | part of that effort. | ||
- | * [http://spdx.dev SPDX website] | + | === Getting Involved === |
- | * [https://spdx.dev/use/specifications/ SPDX Specification for generating SPDX Documents in multiple formats] | + | |
- | * [https://spdx.dev/use/spdx-tools/ A set of basic tools for working with SPDX Documents] | + | |
- | * [https://github.com/spdx GitHub repositories containing the specification and a variety of open source tools] | + | |
- | * [https://github.com/spdx/using Information on how to use the SPDX specification] | + | |
- | * [https://lists.spdx.org/mailman/listinfo/spdx-tech SPDX tech mailing list] | + | |
- | = Ideas for 2025 Projects = | + | Beyond working with your mentor(s) we highly encourage students who select |
+ | one of these projects to get involved with the SPDX community via our | ||
+ | technical working group. Interaction with the technical team is primarily | ||
+ | done via its mailing list and on gitter (see resources). There is however a | ||
+ | weekly call you could join as well. | ||
+ | Details can be found on the | ||
+ | [[https://spdx.dev/engage/participate/technical-team/|SPDX Technical Team | ||
+ | participation page]]. | ||
- | SBOM Conformance Checker | + | === Resources === |
+ | |||
+ | * [[http://spdx.dev|SPDX website]] | ||
+ | * [[https://spdx.dev/use/specifications/|SPDX Specification for generating | ||
+ | SPDX Documents in multiple formats]] | ||
+ | * [[https://spdx.dev/use/spdx-tools/|A set of basic tools for working with | ||
+ | SPDX Documents]] | ||
+ | * [[https://github.com/spdx/using|Information on how to use the SPDX | ||
+ | specification]] | ||
+ | |||
+ | === Ideas for 2025 Projects === | ||
+ | |||
+ | **SBOM Conformance Checker** | ||
Create a web accessible tool for validating SPDX 3.0 documents. | Create a web accessible tool for validating SPDX 3.0 documents. | ||
+ | Size: Medium (175 hours) | ||
+ | |||
+ | Level of Difficulty: Hard | ||
+ | |||
Skills Needed: | Skills Needed: | ||
- | * Software development skills for Web based applications | + | * Software development skills for Web based applications |
- | * Good user interface design skills | + | * Good user interface design skills |
- | * Understanding of SBOM conformance and related standards/regulations such has CISA Common Software Bill of Materials or EU AI Act | + | * Understanding of SBOM conformance and related standards/regulations such |
+ | has CISA Common Software Bill of Materials or EU AI Act | ||
Background Information: | Background Information: | ||
- | An online form which allows the uploading, parsing, and validation of SPDX 3.0 would provide immediate benefit to the SPDX community. There is no specific programming language requirement, but there is an existing Java and Python libraries which could be used in the project. | + | An online form which allows the uploading, parsing, and validation of SPDX |
- | Some of the technical challenges for this project include having to handle long running operations and implementing a very robust parser implementation able to handle any input. | + | 3.0 would provide immediate benefit to the SPDX community. There is no |
+ | specific programming language requirement, but there is an existing Java and | ||
+ | Python libraries which could be used in the project. | ||
+ | Some of the technical challenges for this project include having to handle | ||
+ | long running operations and implementing a very robust parser implementation | ||
+ | able to handle any input. | ||
- | Available Mentor: John Speed Meyers, Gary O'Neall | + | Available Mentors: John Speed Meyers, Gary O'Neall (gary at sourceauditor |
+ | dot com) | ||
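Review bot: three wording slips from the old text survive unchanged in the added lines and should be fixed while the page is being reworked: `look back one day and I say I was` should read `look back one day and say I was`; `there is an existing Java and` / `Python libraries` should read `there are existing Java and Python libraries`; and `standards/regulations such` / `has CISA Common Software Bill of Materials` should read `such as CISA Common Software Bill of Materials`. Also, since the project text asks for a parser `able to handle any input` on uploaded documents and already lists `long running operations` as a challenge, the description would benefit from naming upload size and processing-time limits as part of that robustness requirement.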