https://sktelecom.github.io/en/guide/supply-chain/for-suppliers/Recent content in Supplier SBOM Submission Guide on SK telecom Open SourceHugoenhttps://sktelecom.github.io/en/guide/supply-chain/for-suppliers/requirements/Mon, 01 Jan 0001 00:00:00 +0000https://sktelecom.github.io/en/guide/supply-chain/for-suppliers/requirements/<h2 id="1-standard-data-formats">1. Standard Data Formats<a class="td-heading-self-link" href="#1-standard-data-formats" aria-label="Heading self-link"></a></h2> <p>SK Telecom supports both formats that have become established as global standards. Suppliers may choose and submit the format supported by the tool they use.</p> <table> <thead> <tr> <th>Format</th> <th>Version</th> <th>Recommended Use</th> <th>File Format</th> </tr> </thead> <tbody> <tr> <td>CycloneDX</td> <td>v1.3, v1.4, v1.5, v1.6</td> <td>Application security, vulnerability management focus</td> <td>JSON (recommended), XML</td> </tr> <tr> <td>SPDX</td> <td>v2.2, v2.3</td> <td>License compliance focus</td> <td>JSON, Tag-Value</td> </tr> </tbody> </table> <blockquote> <p>Note: Both formats are recognized equally, but CycloneDX (JSON) format is recommended for internal system interoperability.</p>https://sktelecom.github.io/en/guide/supply-chain/for-suppliers/checklist/Mon, 01 Jan 0001 00:00:00 +0000https://sktelecom.github.io/en/guide/supply-chain/for-suppliers/checklist/<h2 id="essential-checklist-items">Essential Checklist Items<a class="td-heading-self-link" href="#essential-checklist-items" aria-label="Heading self-link"></a></h2> <p>An SBOM that does not pass the checklist below may be automatically rejected by the system.</p> <h3 id="1-file-integrity">1. File Integrity<a class="td-heading-self-link" href="#1-file-integrity" aria-label="Heading self-link"></a></h3> <ul> <li><input disabled="" type="checkbox"> Is the file extension <code>.json</code> or <code>.xml</code>? (Not an archive file)</li> <li><input disabled="" type="checkbox"> Is the file size at least 1KB, and the content not empty?</li> <li><input disabled="" type="checkbox"> Are there any JSON syntax errors? (Verification with <code>jq</code> or similar is recommended)</li> </ul> <h3 id="2-required-data-fields">2. Required Data Fields<a class="td-heading-self-link" href="#2-required-data-fields" aria-label="Heading self-link"></a></h3> <ul> <li><input disabled="" type="checkbox"> bomFormat: Is <code>CycloneDX</code> or <code>SPDX</code> specified?</li> <li><input disabled="" type="checkbox"> Metadata: Are the name and version of the top-level component (the delivered project) accurate?</li> <li><input disabled="" type="checkbox"> Components: Does the list of included libraries match the actual ones?</li> </ul> <h3 id="3-dependency-completeness-check">3. Dependency Completeness Check<a class="td-heading-self-link" href="#3-dependency-completeness-check" aria-label="Heading self-link"></a></h3> <p>Missing transitive dependencies are the most common reason for rejection. Be sure to verify the items below.</p>https://sktelecom.github.io/en/guide/supply-chain/for-suppliers/submission/Mon, 01 Jan 0001 00:00:00 +0000https://sktelecom.github.io/en/guide/supply-chain/for-suppliers/submission/<h2 id="1-when-to-submit">1. When to Submit<a class="td-heading-self-link" href="#1-when-to-submit" aria-label="Heading self-link"></a></h2> <ul> <li>At initial delivery after concluding a software contract</li> <li>When a major or minor version of the software is updated</li> <li>When a regular submission schedule specified in the contract arrives</li> </ul> <h2 id="2-how-to-submit">2. How to Submit<a class="td-heading-self-link" href="#2-how-to-submit" aria-label="Heading self-link"></a></h2> <p>The SBOM file is submitted to SK Telecom&rsquo;s business unit and security team representatives via email or a designated system.</p> <h3 id="submission-method">Submission Method<a class="td-heading-self-link" href="#submission-method" aria-label="Heading self-link"></a></h3> <ul> <li>Deliver the SBOM file to the business unit and security team representatives via email or a channel designated by the representative.</li> <li>Email subject: <code>[SBOM Submission] SupplierName_ProjectName_Version</code></li> <li>Attachment: The generated SBOM file (password-protected archive files are not allowed)</li> </ul> <p>Required information in the body:</p>