> I have a question, though. Why didn't you list sbomqs as the first item? We are passionate supporters of the community, and within SPDX, members have done a good job of maintaining ntia-conformance-check, so they should definitely get the credit first.
Our goal with sbomqs has been cross-spec, multi-purpose utility, and we will continue to iterate with new features. Thanks for your support. If you have a feature request, we are all ears. > I see. Well, if I don't find local CLI tools, I'll try to find a way to use an online API. If you do consider API route, Interlynk platform is fully accessible via API and supports - assessment, enrichment, vulnerability mapping, lifecycle, automated edits, and a ton more. Our goal has been to take operators' minds off of spec-specific details and more into their use cases - Security, Compliance, or DevOps. I can show it in action if you do go down that route. Thanks! - Surendra On Fri, Jun 21, 2024 at 2:53 PM Luis Soeiro via lists.spdx.org <lfl.sb= [email protected]> wrote: > Hi Surendra > > Em 2024-06-21 22:57, Surendra Pathak escreveu: > > If you are looking for validation against spec - > > https://github.com/spdx/tools-python is the best (might need getting > > used to with the result of the format) > > Yes, that's what I'm looking for, > > > If you are looking for NTIA / Regulatory confirmation, the options are > > - > > > a) https://github.com/spdx/ntia-conformance-checker > > b) https://github.com/interlynk-io/sbomqs > > c) https://github.com/eBay/sbom-scorecard > > d) https://github.com/anthonyharrison/sbomaudit > > I'll take a look. The NTIA regulatory confirmation tools validate for > the mimimum fields? > > > > Of course, I am biased towards our tool - sbomqs, and we have also kept > > it up to date with new regulations such as BSI's SBOM > requirements. > > Ok. I've been using sbomqs and it is a nice tool. I wanted to see if > there were anything official or the would be officially recommended. > > I have a question, though. Why didn't you list sbomqs as the first item? > > > However, all of the above tools work well in listing conformance > > issues. > Thanks for the list. I'll take a deeper look. > > Best, > > Luis > > > > > > -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#1867): https://lists.spdx.org/g/spdx/message/1867 Mute This Topic: https://lists.spdx.org/mt/106803276/21656 Group Owner: [email protected] Unsubscribe: https://lists.spdx.org/g/spdx/leave/2655439/21656/1698928721/xyzzy [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
