Resources

This file contains references and external resources that inform our analyses.

Related Standards

- SPDX Specification
- CycloneDX Specification
- Package URL (purl) specification

Package Metadata analyses and tools

- CodeMeta crosswalks (specs for ~42 package managers)
- ClearlyDefined
- ecosyste.ms
- libraries.io
- CPAN Security Group: Roles and metadata in Open Source supply-chains

Security and Integrity Frameworks

- The Update Framework (TUF)

Software Preservation

- Software Heritage Project

Related communities

- OpenChain
- OpenSSF (Open Source Security Foundation)
- TODO Group