On 2024-06-22 01:11, Surendra Pathak wrote:
We are passionate supporters of the community, and within SPDX, members have done a good job of maintaining ntia-conformance-check, so they should definitely get the credit first.
Good!

Our goal with sbomqs has been a cross-spec, multi-purpose utility, and we will continue to iterate with new features. Thanks for your support. If you have a feature request, we are all ears.

Well, since you have brought this up... ;-)

There is one command line combination "sbomqs score -b" which is very handy to include in batch processing. Under GNU/Linux, I can capture its output with result=$(sbomqs score -b) and it includes one line. Example:

for file in $files
do
  result=$(sbomqs score -b "$file")
  echo "$file,$result" >> results.txt
done

results.txt:
sbom.spdx,5.6
bom.1.2.json,5.6
xyz,5.6,5.6

However, it would be very nice if there were a way to get more information. In addition to the score, there could be a way to also return the detected specification standard and the specific format. For instance:
"5.6,spdx,json" or "5.6,cyclonedx,xml"

for file in $files
do
  result=$(sbomqs fullrecord -b "$file")
  echo "$file,$result" >> results.txt
done

results.txt:
sbom.spdx,5.6,spdx,tag
bom.1.2.json,5.6,cyclonedx,json
xyz,5.6,spdx,json

I see. Well, if I don't find local CLI tools, I'll try to find a way to use an online API.
If you do consider the API route, the Interlynk platform is fully accessible via API and supports assessment, enrichment, vulnerability mapping, lifecycle, automated edits, and a ton more. Our goal has been to take operators' minds off of spec-specific details and more into their use cases - Security, Compliance, or DevOps. I can show it in action if you do go down that route.

I'll keep that in mind, thanks.

Best,
Luis
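
A stop-gap for the extended record requested above, as an added example that is not part of the original message and not sbomqs code: it sniffs the specification and serialization from the file content and appends them to the score line. The function names detect_sbom and full_record are hypothetical, it assumes "sbomqs score -b" prints only the score as the message describes, and it covers SPDX 2.x tag-value, JSON and RDF/XML plus CycloneDX JSON and XML only.

```shell
#!/bin/sh
# Added example: classify an SBOM as "<spec>,<format>" by content sniffing.
# Markers relied on:
#   SPDX tag-value   : a line starting with "SPDXVersion:"
#   SPDX 2.x JSON    : a "spdxVersion" key
#   SPDX RDF/XML     : the spdx.org/rdf/terms namespace
#   CycloneDX JSON   : "bomFormat": "CycloneDX"
#   CycloneDX XML    : the cyclonedx.org/schema/bom namespace
detect_sbom() {
  f=$1
  spec=unknown
  fmt=unknown
  [ -r "$f" ] || { echo "$spec,$fmt"; return 1; }
  # The first non-blank character tells JSON and XML apart from tag-value text.
  first=$(tr -d ' \t\r\n' < "$f" | head -c 1)
  case "$first" in
    '{')
      if grep -q '"bomFormat"[[:space:]]*:[[:space:]]*"CycloneDX"' "$f"; then
        spec=cyclonedx; fmt=json
      elif grep -q '"spdxVersion"' "$f"; then
        spec=spdx; fmt=json
      fi ;;
    '<')
      if grep -q 'cyclonedx.org/schema/bom' "$f"; then
        spec=cyclonedx; fmt=xml
      elif grep -q 'spdx.org/rdf/terms' "$f"; then
        spec=spdx; fmt=xml
      fi ;;
    *)
      if grep -q '^SPDXVersion:' "$f"; then
        spec=spdx; fmt=tag
      fi ;;
  esac
  echo "$spec,$fmt"
}

# Prints "<file>,<score>,<spec>,<format>"; "error" replaces the score when
# sbomqs is missing or fails, so one bad file does not break the batch.
full_record() {
  score=$(sbomqs score -b "$1") || score=error
  echo "$1,$score,$(detect_sbom "$1")"
}

# Usage: sh thisscript.sh file1 file2 ... >> results.txt
for path in "$@"; do
  full_record "$path"
done
```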

