toscalix
Software HeritageApril 23 marks 1 year since the #SWHID became the ISO/IEC 18670 standard. @toscalix joins us to discuss its practical use cases in software integrity & compliance. https://www.softwareheritage.org/2026/04/23/one-year-swhid-iso-iec-18670-standard/ #ISO #OpenSource #SBOM
This week I ended up the 5 article series about #SWHID, the intrinsic, persistent and standardised software artifacts identifier.
Check them out:
1. What is the Best Way to Identify Software? Introducing SWHID https://toscalix.com/2026/03/10/what-is-the-best-way-to-identify-software-introducing-swhid/
2. Description of SWHID: Syntax. https://toscalix.com/2026/03/17/description-of-swhid-syntax/
3. SWHID Is An #OpenStandard, Governed Under #OpenGovernance. https://toscalix.com/2026/03/24/swhid-is-an-open-standard-governed-under-open-governance/
4. SWHID and #pURL. https://toscalix.com/2026/03/31/swhid-and-purl/
5. SWHID in Practice: https://toscalix.com/2026/04/07/swhid-in-practice-sbom-verification-cra-compliance-and-traceability-use-cases/
"In this article, I present real-world use cases showing how SWHID can improve SBOMs, support regulatory compliance such as the Cyber Resilience Act, and enable traceability, across different industries."
Last blog post of the #swhid series: https://toscalix.com/2026/04/07/swhid-in-practice-sbom-verification-cra-compliance-and-traceability-use-cases/
#compliance #softwareidentifier #provenance #traceability #cra #sbom
Today at 23:00 UTC I will be speaking about #swhid in automotive use cases to the #openchain #automotive group. Check https://openchain-project.github.io/Automotive-Open-Source-Governance-Monthly/
I will be talking to #opensource #automotive professionals about #swhid at the Automotive Open-Source Governance Monthly Discussions, from OpenChain, on March 26th at 11:00 UTC
https://openchain-project.github.io/Automotive-Open-Source-Governance-Monthly/
Bastien Guerry 🧢What's if you could ~$ git clone SWHID?
"You’d end up with git clone as a content-addressed fetch primitive rather than just a URL fetch, which is an interesting building block for reproducible builds and supply chain verification."
A nice write-up by @andrewnez on git remote helpers 👉 https://nesbitt.io/2026/03/18/git-remote-helpers.html
[...] "I just explained the syntax of SWHID, describing how their core identifier and optional qualifiers combine to uniquely reference software artifacts, as well as specific fragments within them. "
https://toscalix.com/2026/03/17/description-of-swhid-syntax/
#swhid #swidentifier #provenance #traceability #integrity #compliance
This article explains the syntax of #swhid describing how the core identifier and optional qualifiers are structured. It shows how SWHIDs can reference software artifacts such as files, directories, revisions, and releases, and how their design enables precise comparison of software.
What is the best way to identify software? My first article of a series about #swhid
http://toscalix.com/2026/03/10/what-is-the-best-way-to-identify-software-introducing-swhid/