Software Bill of Materials

[David Nalley <da...@gnsa.us>]

Hi folks,

I've been participating at the periphery of NTIA's Software Component
Transparency efforts[1] that's focused on Software Bill of Materials.
One of the side conversations from that has been where to inject this
in the software building process. Is it properly located in build
tools like maven or better in IDEs (like Netbeans) or CI tools?

My initial thought is that there's probably no one right answer, and
there's a place for generating BoMs in a number of different layers.
It's probably also relatively trivial to build a plugin in Netbeans to
generate a BoM, but I wanted to solicit the opinion and feedback of
those who are smarter than I, hence this message.

Thanks,

--David

[1]https://www.ntia.doc.gov/SoftwareTransparency

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@netbeans.apache.org
For additional commands, e-mail: dev-help@netbeans.apache.org

For further information about the NetBeans mailing lists, visit:
https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists

Re: Software Bill of Materials

[Victor Corral <vc...@gmail.com>]

You I'm glad I got this email because that's exactly where I am at now. I
wish I could say that I'm with the Apache Foundation but I have had a hard
time relating to their work ethics unfortunately maybe I'm just not
responsible enough or I'm not sure but with netbeans on the Apache build
they released it without the modules why I asked but that's besides the
point is there any way you can contact me directly if my number is 702
601-6908 leave a text message or I probably won't answer and I will get
back to you ASAP thank you very much oh the modules on talking about would
be the modules from dying as I am implementing the dyne into all systems
that is the centimeter gram second second systems of units. The modules
would be my Italian cookbook of modules.

On Monday, June 10, 2019, David Nalley <da...@gnsa.us> wrote:

> Hi folks,
>
> I've been participating at the periphery of NTIA's Software Component
> Transparency efforts[1] that's focused on Software Bill of Materials.
> One of the side conversations from that has been where to inject this
> in the software building process. Is it properly located in build
> tools like maven or better in IDEs (like Netbeans) or CI tools?
>
> My initial thought is that there's probably no one right answer, and
> there's a place for generating BoMs in a number of different layers.
> It's probably also relatively trivial to build a plugin in Netbeans to
> generate a BoM, but I wanted to solicit the opinion and feedback of
> those who are smarter than I, hence this message.
>
> Thanks,
>
> --David
>
> [1]https://www.ntia.doc.gov/SoftwareTransparency
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@netbeans.apache.org
> For additional commands, e-mail: dev-help@netbeans.apache.org
>
> For further information about the NetBeans mailing lists, visit:
> https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
>
>
>
>

-- 
Victor Corral

Re: Software Bill of Materials

[Geertjan Wielenga <ge...@apache.org>]

Hi David,

Thanks for this message -- what would a BoM consist of, can it be generated
in some way via Maven, if so, it can also be generated via NetBeans. And,
indeed, maybe we could provide some user interface support, i.e., a menu
item or checkbox somewhere, to enable this.

Thanks,

Gj

On Mon, Jun 10, 2019 at 7:57 PM David Nalley <da...@gnsa.us> wrote:

> Hi folks,
>
> I've been participating at the periphery of NTIA's Software Component
> Transparency efforts[1] that's focused on Software Bill of Materials.
> One of the side conversations from that has been where to inject this
> in the software building process. Is it properly located in build
> tools like maven or better in IDEs (like Netbeans) or CI tools?
>
> My initial thought is that there's probably no one right answer, and
> there's a place for generating BoMs in a number of different layers.
> It's probably also relatively trivial to build a plugin in Netbeans to
> generate a BoM, but I wanted to solicit the opinion and feedback of
> those who are smarter than I, hence this message.
>
> Thanks,
>
> --David
>
> [1]https://www.ntia.doc.gov/SoftwareTransparency
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@netbeans.apache.org
> For additional commands, e-mail: dev-help@netbeans.apache.org
>
> For further information about the NetBeans mailing lists, visit:
> https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
>
>
>
>