BCG uses the online tool and recommends that US Gov entities use the online tools to validate SBOMs (both SPDX and CycloneDX) as part of the CISA secure software risk assessment process (RSAA portal SBOMs).

Thanks,

Dick Brooks

Active Member of the CISA Critical Manufacturing Sector,
Sector Coordinating Council - A Public-Private Partnership

Never trust software, always verify and report! ™
https://businesscyberguardian.com/
Email: [email protected]
Tel: +1 978-696-1788

-----Original Message-----
From: [email protected] <[email protected]> On Behalf Of Gary O'Neall
Sent: Friday, June 21, 2024 1:41 PM
To: [email protected]
Subject: Re: [spdx] Validating SPDX files - looking for a tool

Hi Luis,

Both the Python tools [1] and the Java tools [2] are supported by the SPDX community and can validate SPDX files.

There is also an online tool validator [3] which uses the Java tools on the server.

Best,
Gary

[1] https://github.com/spdx/tools-python
[2] https://github.com/spdx/tools-java
[3] https://tools.spdx.org/app/validate/

> -----Original Message-----
> From: [email protected] <[email protected]> On Behalf Of Luis Soeiro
> Sent: Friday, June 21, 2024 2:19 AM
> To: [email protected]
> Subject: [spdx] Validating SPDX files - looking for a tool
>
> Hello
>
> I'm looking for an open source command line tool that could
> validate an SPDX file. On the following page:
>
> https://spdx.dev/use/tools/open-source-tools/
>
> There are some tools listed, but is there an official tool or
> one that is recommended?
>
> If not, which ones could you recommend?
>
> Thanks,
>
> Luis
