From 0aee7618965cb7933b035b7dba44428605a0947a Mon Sep 17 00:00:00 2001 From: Natalia Luzuriaga Date: Thu, 1 Aug 2024 11:37:01 -0400 Subject: [PATCH] added sbom excerpt to policies section of readme Signed-off-by: Natalia Luzuriaga --- tier0/{{cookiecutter.project_slug}}/README.md | 9 +++++++++ tier1/{{cookiecutter.project_slug}}/README.md | 8 ++++++++ tier2/{{cookiecutter.project_slug}}/README.md | 8 ++++++++ tier3/{{cookiecutter.project_slug}}/README.md | 8 ++++++++ tier4/{{cookiecutter.project_slug}}/README.md | 8 ++++++++ 5 files changed, 41 insertions(+) diff --git a/tier0/{{cookiecutter.project_slug}}/README.md b/tier0/{{cookiecutter.project_slug}}/README.md index 3993636..e5cc94f 100644 --- a/tier0/{{cookiecutter.project_slug}}/README.md +++ b/tier0/{{cookiecutter.project_slug}}/README.md @@ -133,6 +133,15 @@ the American public, but you are also welcome to submit anonymously. For more information about our Security, Vulnerability, and Responsible Disclosure Policies, see [SECURITY.md](SECURITY.md). +### Software Bill of Materials (SBOM) + +A Software Bill of Materials (SBOM) is a formal record containing the details and supply chain relationships of various components used in building software. + +In the spirit of [Executive Order 14028 - Improving the Nation’s Cyber Security](https://www.gsa.gov/technology/it-contract-vehicles-and-purchasing-programs/information-technology-category/it-security/executive-order-14028), a SBOM for this repository is provided here: https://github.com/{{ cookiecutter.project_org }}/{{ cookiecutter.project_repo_name }}/network/dependencies. + +For more information and resources about SBOMs, visit: https://www.cisa.gov/sbom. + + ## Public domain This project is in the public domain within the United States, and copyright and related rights in the work worldwide are waived through the [CC0 1.0 Universal public domain dedication](https://creativecommons.org/publicdomain/zero/1.0/) as indicated in [LICENSE](LICENSE). 
diff --git a/tier1/{{cookiecutter.project_slug}}/README.md b/tier1/{{cookiecutter.project_slug}}/README.md index 3299893..4ab3dc8 100644 --- a/tier1/{{cookiecutter.project_slug}}/README.md +++ b/tier1/{{cookiecutter.project_slug}}/README.md @@ -125,6 +125,14 @@ the American public, but you are also welcome to submit anonymously. For more information about our Security, Vulnerability, and Responsible Disclosure Policies, see [SECURITY.md](SECURITY.md). +### Software Bill of Materials (SBOM) + +A Software Bill of Materials (SBOM) is a formal record containing the details and supply chain relationships of various components used in building software. + +In the spirit of [Executive Order 14028 - Improving the Nation’s Cyber Security](https://www.gsa.gov/technology/it-contract-vehicles-and-purchasing-programs/information-technology-category/it-security/executive-order-14028), a SBOM for this repository is provided here: https://github.com/{{ cookiecutter.project_org }}/{{ cookiecutter.project_repo_name }}/network/dependencies. + +For more information and resources about SBOMs, visit: https://www.cisa.gov/sbom. + ## Public domain This project is in the public domain within the United States, and copyright and related rights in the work worldwide are waived through the [CC0 1.0 Universal public domain dedication](https://creativecommons.org/publicdomain/zero/1.0/) as indicated in [LICENSE](LICENSE). diff --git a/tier2/{{cookiecutter.project_slug}}/README.md b/tier2/{{cookiecutter.project_slug}}/README.md index 238a0a6..07e39bd 100644 --- a/tier2/{{cookiecutter.project_slug}}/README.md +++ b/tier2/{{cookiecutter.project_slug}}/README.md 
@@ -121,6 +121,14 @@ the American public, but you are also welcome to submit anonymously. For more information about our Security, Vulnerability, and Responsible Disclosure Policies, see [SECURITY.md](SECURITY.md). +### Software Bill of Materials (SBOM) + +A Software Bill of Materials (SBOM) is a formal record containing the details and supply chain relationships of various components used in building software. + +In the spirit of [Executive Order 14028 - Improving the Nation’s Cyber Security](https://www.gsa.gov/technology/it-contract-vehicles-and-purchasing-programs/information-technology-category/it-security/executive-order-14028), a SBOM for this repository is provided here: https://github.com/{{ cookiecutter.project_org }}/{{ cookiecutter.project_repo_name }}/network/dependencies. + +For more information and resources about SBOMs, visit: https://www.cisa.gov/sbom. + ## Public domain This project is in the public domain within the United States, and copyright and related rights in the work worldwide are waived through the [CC0 1.0 Universal public domain dedication](https://creativecommons.org/publicdomain/zero/1.0/) as indicated in [LICENSE](LICENSE). diff --git a/tier3/{{cookiecutter.project_slug}}/README.md b/tier3/{{cookiecutter.project_slug}}/README.md index 79ae938..619b9c5 100644 --- a/tier3/{{cookiecutter.project_slug}}/README.md +++ b/tier3/{{cookiecutter.project_slug}}/README.md 
@@ -121,6 +121,14 @@ the American public, but you are also welcome to submit anonymously. For more information about our Security, Vulnerability, and Responsible Disclosure Policies, see [SECURITY.md](SECURITY.md). +### Software Bill of Materials (SBOM) + +A Software Bill of Materials (SBOM) is a formal record containing the details and supply chain relationships of various components used in building software. + +In the spirit of [Executive Order 14028 - Improving the Nation’s Cyber Security](https://www.gsa.gov/technology/it-contract-vehicles-and-purchasing-programs/information-technology-category/it-security/executive-order-14028), a SBOM for this repository is provided here: https://github.com/{{ cookiecutter.project_org }}/{{ cookiecutter.project_repo_name }}/network/dependencies. + +For more information and resources about SBOMs, visit: https://www.cisa.gov/sbom. + ## Public domain This project is in the public domain within the United States, and copyright and related rights in the work worldwide are waived through the [CC0 1.0 Universal public domain dedication](https://creativecommons.org/publicdomain/zero/1.0/) as indicated in [LICENSE](LICENSE). diff --git a/tier4/{{cookiecutter.project_slug}}/README.md b/tier4/{{cookiecutter.project_slug}}/README.md index cb2e961..4747b9b 100644 --- a/tier4/{{cookiecutter.project_slug}}/README.md +++ b/tier4/{{cookiecutter.project_slug}}/README.md 
@@ -111,6 +111,14 @@ the American public, but you are also welcome to submit anonymously. For more information about our Security, Vulnerability, and Responsible Disclosure Policies, see [SECURITY.md](SECURITY.md). +### Software Bill of Materials (SBOM) + +A Software Bill of Materials (SBOM) is a formal record containing the details and supply chain relationships of various components used in building software. + +In the spirit of [Executive Order 14028 - Improving the Nation’s Cyber Security](https://www.gsa.gov/technology/it-contract-vehicles-and-purchasing-programs/information-technology-category/it-security/executive-order-14028), a SBOM for this repository is provided here: https://github.com/{{ cookiecutter.project_org }}/{{ cookiecutter.project_repo_name }}/network/dependencies. + +For more information and resources about SBOMs, visit: https://www.cisa.gov/sbom. + ## Public domain This project is in the public domain within the United States, and copyright and related rights in the work worldwide are waived through the [CC0 1.0 Universal public domain dedication](https://creativecommons.org/publicdomain/zero/1.0/) as indicated in [LICENSE](LICENSE).
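Review bot: the tier0 hunk inserts two blank lines before `## Public domain` (the diffstat shows 9 insertions for tier0 against 8 for each other tier), so READMEs generated from tier0 end with a double blank line that the other four tiers do not have; drop one of the two trailing `+` blank lines so all five templates render the section identically.

Review bot: the sentence `a SBOM for this repository is provided here: https://github.com/{{ cookiecutter.project_org }}/{{ cookiecutter.project_repo_name }}/network/dependencies`, which appears verbatim in all five tier hunks, overstates what that URL offers. GitHub's dependency graph page is a browsable view of dependencies detected from manifest and lock files, not a formal SBOM document; it lists only what GitHub's detection supports, and it is empty until the dependency graph is enabled for the generated repository. If the intent is to point at a machine-readable record, say that an SPDX SBOM can be exported from that page (the "Export SBOM" button), or, better, have the template's CI generate and publish an SBOM artifact and link to that; at minimum reword to something like `the dependency graph for this repository, from which an SBOM can be exported, is available here:`.

Review bot: two wording fixes for the added paragraph, in every tier: `a SBOM` should read `an SBOM` (the acronym is spoken with a leading vowel sound; CISA's own material writes `an SBOM`), and the link text `Improving the Nation's Cyber Security` should match the order's actual title, `Improving the Nation's Cybersecurity`, so readers searching by title find it. The definition sentence is the wording from EO 14028 itself; attributing it (`as defined in Executive Order 14028, ...`) would make the source of the definition clear.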