Aegis Status Update

maennchen · maennchen · commit c2066b761485 · 2026-04-03T11:11:36.000+02:00
diff --git a/docs/_includes/head-custom.html b/docs/_includes/head-custom.html
@@ -23,4 +23,12 @@
     max-width: 250px;
     height: auto;
   }
+
+  .task-list-item:has(> .task-list-item-checkbox) {
+    list-style-type: none;
+    margin-left: -1.35em;
+  }
+  .task-list-item-checkbox {
+    margin-right: 0.4em;
+  }
 </style>
diff --git a/docs/aegis/roadmap/core-tooling-governance-audit.md b/docs/aegis/roadmap/core-tooling-governance-audit.md
@@ -3,8 +3,6 @@ title: Core Tooling Governance Audit
 area: Governance
 status: Planning
 funding_required: false
-supporters:
-  - Herrmann Ultraschall
 index: 8
 previous:
   url: hex-build-provenance
diff --git a/docs/aegis/roadmap/hex-build-provenance.md b/docs/aegis/roadmap/hex-build-provenance.md
@@ -3,8 +3,6 @@ title: Hex Build Provenance
 area: Supply Chain
 status: Planning
 funding_required: true
-supporters:
-  - HCA Healthcare
 index: 7
 previous:
   url: core-tooling-compliance
diff --git a/docs/aegis/roadmap/source-sbom.md b/docs/aegis/roadmap/source-sbom.md
@@ -2,7 +2,7 @@
 title: Source SBoM
 area: Supply Chain
 status: In Progress
-funding_required: false
+funding_required: true
 supporters:
   - To Be Announced
 index: 3
@@ -35,18 +35,31 @@ communities.
 
 ## Deliverables
 
-* Integrations into ORT (mix, rebar3, Gleam)
-* Integrations into ScanCode (mix, rebar3, Gleam)
-* Build Tools (or plugins for build tools) can generate SBoMs
-  - Type: Source, Build, Runtime, & Cryptography
-  - Formats: SPDX, CycloneDX
+* [X] Integrations into ORT (mix, rebar3, Gleam)
+* [X] Integrations into ScanCode (mix, rebar3, Gleam)
+* [ ] Build Tools (or plugins for build tools) can generate SBoMs
+  - [X] Type: Source
+  - [ ] Format: SPDX
+  - [X] Format: CycloneDX
 * Core Infrastructure Source SBoM
-  - Languages (Erlang / Gleam / Elixir)
-  - Separate Build Tools (rebar3)
-  - Package Manager (Hex)
-  - offer Source SBoM
+  - [X] Language: Erlang
+  - [ ] Language: Gleam
+  - [X] Language: Elixir
+  - [ ] Build Tools: rebar3
+  - [ ] Package Manager: Hex
 
 ## Relevant Standards
 
 * [SPDX 3.0.1](https://spdx.github.io/spdx-spec/v3.0.1/)
 * [CycloneDX 1.6](https://ecma-international.org/publications-and-standards/standards/ecma-424/)
+
+## Results
+
+* [mix_sbom](https://github.com/erlef/mix_sbom)
+* [rebar3_sbom](https://github.com/erlef/rebar3_sbom)
+* [ORT Mix Plugin](https://oss-review-toolkit.org/ort/docs/plugins/package-managers/Mix)
+* [ORT Rebar3 Plugin](https://oss-review-toolkit.org/ort/docs/plugins/package-managers/Rebar3)
+* [ORT Gleam Plugin](https://oss-review-toolkit.org/ort/docs/plugins/package-managers/Gleam)
+* [Gleam Source Bill of Materials](https://gleam.run/documentation/source-bill-of-materials/)
+* [rebar3 SBoM Plugin](https://www.rebar3.org/docs/configuration/plugins/#software-bill-of-materials-sbom)
+* [Elixir SBoM Documentation](https://hexdocs.pm/elixir/main/sbom.html)
diff --git a/docs/aegis/roadmap/supply-chain-security-audit.md b/docs/aegis/roadmap/supply-chain-security-audit.md
@@ -6,7 +6,7 @@ funding_required: false
 supporters:
   - Alpha-Omega
 index: 4
-progress: 25
+progress: 75
 previous:
   url: source-sbom
   title: Source SBoM
@@ -46,3 +46,7 @@ proceed from a stable, trustworthy foundation.
   - [`elixir-lang/elixir`](https://github.com/elixir-lang/elixir) - Mix Build Tool
   - [`gleam-lang/gleam`](https://github.com/gleam-lang/gleam) - Gleam Build Tool
 * Remediation of findings
+
+## Results
+
+* [Alpha-Omega Engagement](https://github.com/ossf/alpha-omega/tree/main/alpha/engagements/2026/Erlang%20Ecosystem%20Foundation%2C%20Inc.%20(EEF))
