gsoc:2025-gsoc-spdx
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
gsoc:2025-gsoc-spdx [2025/02/11 23:05] till |
gsoc:2025-gsoc-spdx [2025/03/07 22:50] (current) till |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ======Google Summer of Code 2025: SPDX projects====== | ======Google Summer of Code 2025: SPDX projects====== | ||
| + | |||
| + | [[:gsoc:google-summer-code-2025|Main GSoC Linux Foundation page: How to apply, deadlines, other workgroups, ...]] | ||
| + | |||
| + | === Contact === | ||
| + | **Important:** We protect the e-mail addresses of our mentors and mailing | ||
| + | lists against spam bots. Please replace all occurrences of " at " and " dot | ||
| + | " by "@" and "." resp. | ||
| + | |||
| + | * [[https://lists.spdx.org/mailman/listinfo/spdx-tech|SPDX tech mailing | ||
| + | list]] | ||
| + | * [[https://github.com/spdx|GitHub repositories containing the | ||
| + | specification and a variety of open source tools]] | ||
| + | |||
| === What is SPDX ? === | === What is SPDX ? === | ||
| - | First and foremost we are a community dedicated to solving the issues and problems around compliance and risk management. This is accomplished through the development and support of an open standard capable of representing systems with software components as in SBOMs (Software Bill of Materials) and other AI, data and security references. | + | First and foremost we are a community dedicated to solving the issues and |
| + | problems around compliance and risk management. This is accomplished | ||
| + | through the development and support of an open standard capable of | ||
| + | representing systems with software components as in SBOMs (Software Bill of | ||
| + | Materials) and other AI, data and security references. | ||
| - | The SPDX work group (part of the Linux Foundation) consists of individuals, community members, and representatives from companies, foundations and organizations who use or are considering using the SPDX standard. The work group operates much like a meritocratic, consensus-based community project; that is, anyone with an interest in the project can join the community, contribute to the specification, and participate in the decision-making process. We come from many different backgrounds including open source developers, lawyers, consultants and business professionals, many of whom have been involved with AI, software security, license compliance and identification for years. | + | The SPDX work group (part of the Linux Foundation) consists of individuals, |
| + | community members, and representatives from companies, foundations and | ||
| + | organizations who use or are considering using the SPDX standard. The work | ||
| + | group operates much like a meritocratic, consensus-based community project; | ||
| + | that is, anyone with an interest in the project can join the community, | ||
| + | contribute to the specification, and participate in the decision-making | ||
| + | process. We come from many different backgrounds including open source | ||
| + | developers, lawyers, consultants and business professionals, many of whom | ||
| + | have been involved with AI, software security, license compliance and | ||
| + | identification for years. | ||
| === Why choose an SPDX Project? === | === Why choose an SPDX Project? === | ||
| - | Contributing to one of the SPDX projects below will provide a valuable contribution to developers and/or users of open source software. We believe you will find the projects both technically challenging and rewarding. In essence we believe you will be able to look back one day and I say I was part of that effort. | + | Contributing to one of the SPDX projects below will provide a valuable |
| + | contribution to developers and/or users of open source software. We believe | ||
| + | you will find the projects both technically challenging and rewarding. In | ||
| + | essence we believe you will be able to look back one day and I say I was | ||
| + | part of that effort. | ||
| - | == Getting Involved == | + | === Getting Involved === |
| - | Beyond working with your mentor(s) we highly encourage students who select one of these projects to get involved with the SPDX community via our technical working group. Interaction with the technical team is primarily done via its mailing list and on gitter (see resources). There is however a weekly call you could join as well. | + | Beyond working with your mentor(s) we highly encourage students who select |
| + | one of these projects to get involved with the SPDX community via our | ||
| + | technical working group. Interaction with the technical team is primarily | ||
| + | done via its mailing list and on gitter (see resources). There is however a | ||
| + | weekly call you could join as well. | ||
| + | Details can be found on the | ||
| + | [[https://spdx.dev/engage/participate/technical-team/|SPDX Technical Team | ||
| + | participation page]]. | ||
| === Resources === | === Resources === | ||
| * [[http://spdx.dev|SPDX website]] | * [[http://spdx.dev|SPDX website]] | ||
| - | * [[https://spdx.dev/use/specifications/|SPDX Specification for generating SPDX Documents in multiple formats]] | + | * [[https://spdx.dev/use/specifications/|SPDX Specification for generating |
| - | * [[https://spdx.dev/use/spdx-tools/|A set of basic tools for working with SPDX Documents]] | + | SPDX Documents in multiple formats]] |
| - | * [[https://github.com/spdx|GitHub repositories containing the specification and a variety of open source tools]] | + | * [[https://spdx.dev/use/spdx-tools/|A set of basic tools for working with |
| - | * [[https://github.com/spdx/using|Information on how to use the SPDX specification]] | + | SPDX Documents]] |
| - | * [[https://lists.spdx.org/mailman/listinfo/spdx-tech|SPDX tech mailing list]] | + | * [[https://github.com/spdx/using|Information on how to use the SPDX |
| + | specification]] | ||
| - | == Ideas for 2025 Projects == | + | === Ideas for 2025 Projects === |
| **SBOM Conformance Checker** | **SBOM Conformance Checker** | ||
| Line 30: | Line 68: | ||
| Create a web accessible tool for validating SPDX 3.0 documents. | Create a web accessible tool for validating SPDX 3.0 documents. | ||
| + | Size: Medium (175 hours) | ||
| + | |||
| + | Level of Difficulty: Hard | ||
| + | |||
| Skills Needed: | Skills Needed: | ||
| * Software development skills for Web based applications | * Software development skills for Web based applications | ||
| * Good user interface design skills | * Good user interface design skills | ||
| - | * Understanding of SBOM conformance and related standards/regulations such has CISA Common Software Bill of Materials or EU AI Act | + | * Understanding of SBOM conformance and related standards/regulations such |
| + | has CISA Common Software Bill of Materials or EU AI Act | ||
| Background Information: | Background Information: | ||
| - | An online form which allows the uploading, parsing, and validation of SPDX 3.0 would provide immediate benefit to the SPDX community. There is no specific programming language requirement, but there is an existing Java and Python libraries which could be used in the project. | + | An online form which allows the uploading, parsing, and validation of SPDX |
| - | Some of the technical challenges for this project include having to handle long running operations and implementing a very robust parser implementation able to handle any input. | + | 3.0 would provide immediate benefit to the SPDX community. There is no |
| + | specific programming language requirement, but there is an existing Java and | ||
| + | Python libraries which could be used in the project. | ||
| + | Some of the technical challenges for this project include having to handle | ||
| + | long running operations and implementing a very robust parser implementation | ||
| + | able to handle any input. | ||
| - | Available Mentors: John Speed Meyers, Gary O'Neall | + | Available Mentors: John Speed Meyers, Gary O'Neall (gary at sourceauditor |
| + | dot com) | ||
gsoc/2025-gsoc-spdx.1739315158.txt.gz · Last modified: 2025/02/11 23:05 by till
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 4.0 International
