Hi Surendra
On 2024-06-21 22:57, Surendra Pathak wrote:

> If you are looking for validation against spec -
> https://github.com/spdx/tools-python is the best (might need getting
> used to with the result of the format)

Yes, that's what I'm looking for.

> If you are looking for NTIA / Regulatory confirmation, the options are
> -
> a) https://github.com/spdx/ntia-conformance-checker
> b) https://github.com/interlynk-io/sbomqs
> c) https://github.com/eBay/sbom-scorecard
> d) https://github.com/anthonyharrison/sbomaudit

I'll take a look. The NTIA regulatory confirmation tools validate for
the minimum fields?

> Of course, I am biased towards our tool - sbomqs, and we have also kept
> it up to date with new regulations such as BSI's SBOM
> requirements.

Ok. I've been using sbomqs and it is a nice tool. I wanted to see if
there were anything official or that would be officially recommended.
I have a question, though. Why didn't you list sbomqs as the first item?

> However, all of the above tools work well in listing conformance
> issues.

Thanks for the list. I'll take a deeper look.
Best,
Luis