Agenda

Finalize agenda
CBOM tooling presentation by Nicklas Körtge
Live review of the Lifecycle document

Announcements

Add here

Presentation

Add here

Decision

Add here

Discussion

Finalize agenda

No new items added

CBOM tooling presentation by Nicklas Körtge

Nicklas Körtge (IBM Research - Zurich) presented his tooling that helps faciliate CBOM creation and maintenance.

His presentation covered:

Show the OSS (Apache 2.0) Sonor Cryptography Plugin github repository
Demonstration of the live service that uses the plugin
- Live service aviable to all to test and generate downloadable CBOM (Java and Python for now)
- You can try this yourself
Discuss how scanning works and how new languages can be added
Top three missing items:
1. More languages / libraries
2. Edge case testing
3. Usage and feedback

Live review of the Lifecycle document

lifecycle-doc

Licenses - OSI list from the LF but should be use a subset of OSI
1. Clarify licenses and preferred
Research projects
1. Categorization of the projects (labels)
2. Scaling could become an issue
Start resolving comments

Action items

Action items

## Done (from previous minutes)

Jones will see about An open source c/sbom generator
We will take time in next meeting to review lifecycle doc live with everyone and close on this [All]

## Old

Docs / Education / Website — look at PQ Code package as example [Nigel]
Lifecycle document review [All]
Summary for security workgroup [Nigel]
SBOM / CBOM interest query [Nigel]
Create GH issue for content reviewers [Naomi]
Lifecycle document completion [Hart]

## New

Continue review lifecycle doc [all]
Resolve comments [Brian, Hart, myself]

Recordings

Recordings are available on your Open Profile page under Past Meetings

Upcoming TAC meetings

Please check the calendar

Attended by

TAC members

Additional attendees

Yarkin Doroz (NVDIA)
Bryan Uhri (KeyFactor)
Alex Bozarth (IBM)
Ry Jones (LF)
Hart Montgomery (LF)