
SBOM for mainframe applications Working Group

Open suman-gopinath opened this issue 7 months ago • 2 comments

Describe the purpose of the group in no more than 4-5 sentences

To refine and adapt industry-standard SBOMs to cater to traditional z/OS applications, primarily COBOL, PL/I, HLASM and mixed-language applications. The scope of this charter will target creation of SBOMs for z/OS applications and application products delivered by vendors, i.e. code that is invoked during runtime of a z/OS application.

Goals of the working group

  1. Review existing industry standard SBOM definitions and formats (including SPDX implementation at Telco)
  2. Work with SPDX and CycloneDX to identify attributes and fields pertaining to z/OS applications. Work with the communities to add them to the appropriate profiles.
  3. Identify SBOM attributes and specifications for build and deploy of traditional z/OS applications that follow incremental build and deploy processes, with the ability to extend to full application builds and deploys for packaged application products
  4. Validate and review identified standards across at least 10 different mainframe enterprises

Non-goals of the working group

  1. This workgroup will only define the formats and if necessary, validation libraries for the formats. It will not include tooling to create SBOMs
  2. Prioritization of individual SBOM delivery timelines across vendors
  3. SBOMs for pure-Java, Python, NodeJS applications running on z/OS. There exist tooling frameworks and libraries for these technologies. This workgroup will align and ensure consistency across applications

Deliverables

  1. Published Github pages with
  2. Introduction to SBOMs for z/OS applications
  3. Guidelines on generating SBOMs from build and deploy
  4. Identified attributes as necessary for z/OS applications
  5. Packages for validating SBOMs

suman-gopinath avatar May 21 '25 18:05 suman-gopinath

Deliverables

  1. Published Github pages with
  2. Introduction to SBOMs for z/OS applications
  3. Guidelines on generating SBOMs from build and deploy
  4. Identified attributes as necessary for z/OS applications
  5. Packages for validating SBOMs

Deliverables should have been

Deliverables

  1. Published Github pages with
     - Introduction to SBOMs for z/OS applications
     - Guidelines on generating SBOMs from build and deploy
     - Identified attributes as necessary for z/OS applications
     - Packages for validating SBOMs

reachsenthilnathan avatar May 22 '25 16:05 reachsenthilnathan

Approved via LFX Vote:

Image

jmertic avatar Jul 10 '25 16:07 jmertic