Hi Luis,

Just to close this thread, sbomqs <https://github.com/interlynk-io/sbomqs>: v0.1.5 released today has added details to the basic output:

Example:
sbomqs score -b ~/Downloads/syft-0.105.1_nginx-stable-bullseye-perl.spdx.json
8.4 spdx 2.3 json /Users/interlynk/Downloads/syft-0.105.1_nginx-stable-bullseye-perl.spdx.json

I hope that helps,
Surendra

On Sun, Jun 23, 2024 at 9:29 PM Surendra Pathak via lists.spdx.org <[email protected]> wrote:

> Certainly, I have filed it here:
> https://github.com/interlynk-io/sbomqs/issues/263 if you wish to follow
> along.
>
> Thanks
> Surendra
>
> On Sun, Jun 23, 2024 at 6:24 AM Luis Soeiro via lists.spdx.org <lfl.sb=[email protected]> wrote:
>
>> On 2024-06-22 01:11, Surendra Pathak wrote:
>> > We are passionate supporters of the community, and within SPDX, members
>> > have done a good job of maintaining ntia-conformance-check, so they
>> > should definitely get the credit first.
>> Good!
>>
>> > Our goal with sbomqs has been cross-spec, multi-purpose utility, and we
>> > will continue to iterate with new features. Thanks for your support. If
>> > you have a feature request, we are all ears.
>>
>> Well, since you have brought this up... ;-)
>>
>> There is one command line combination "sbomqs score -b" which is very
>> handy to include in batch processing. Under GNU/Linux,
>> I can capture its output with result=$(sbomqs score -b) and it includes
>> one line. Example:
>>
>> for file in $files
>> do
>>     result=$(sbomqs score -b "$file")
>>     echo "$file,$result" >> results.txt
>> done
>>
>> results.txt:
>> sbom.spdx,5.6
>> bom.1.2.json,5.6
>> xyz,5.6,5.6
>>
>> However, it would be very nice if there were a way to get more
>> information. In addition to the score, there could be a way to also
>> return the detected specification standard and the specific format. For
>> instance:
>> "5.6,spdx,json" or "5.6,cyclonedx,xml"
>>
>> for file in $files
>> do
>>     result=$(sbomqs fullrecord -b "$file")
>>     echo "$file,$result" >> results.txt
>> done
>>
>> results.txt:
>> sbom.spdx,5.6,spdx,tag
>> bom.1.2.json,5.6,cyclonedx,json
>> xyz,5.6,spdx,json
>>
>> >> I see. Well, if I don't find local CLI tools, I'll try to find a way
>> >> to use an online API.
>> > If you do consider API route, Interlynk platform is fully accessible
>> > via API and supports - assessment, enrichment, vulnerability mapping,
>> > lifecycle, automated edits, and a ton more.
>> > Our goal has been to take operators' minds off of spec-specific details
>> > and more into their use cases - Security, Compliance, or DevOps. I can
>> > show it in action if you do go down that route.
>>
>> I'll keep that in mind, thanks.
>>
>> Best,
>> Luis
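
Added example, not part of the thread and not code from the sbomqs project: a batch loop that turns the v0.1.5 `sbomqs score -b` line shown at the top into a CSV row, rejecting anything that does not start with a numeric score. The function names are hypothetical, and the field meaning (score, spec, spec version, format, path, whitespace-separated) is an assumption read off that single sample line.

```shell
#!/bin/sh
# Assumed layout of one `sbomqs score -b` line (from the sample in the thread):
#   <score> <spec> <spec-version> <format> <path>

# basic_to_csv LINE -> prints one CSV row, or returns 1 on unexpected output.
basic_to_csv() {
    # read splits on whitespace; the last variable receives the rest of the
    # line, so a path containing spaces stays in one field.
    read -r score spec version format path <<EOF
$1
EOF
    # Reject lines that do not start with a numeric score (e.g. error text),
    # so a failed run never lands in the results as if it were a score.
    case $score in
        ''|*[!0-9.]*) echo "unexpected sbomqs output: $1" >&2; return 1 ;;
    esac
    if [ -z "$path" ]; then
        echo "missing fields in sbomqs output: $1" >&2
        return 1
    fi
    # Quote the path for CSV and double any embedded quotes.
    esc=$(printf '%s' "$path" | sed 's/"/""/g')
    printf '%s,%s,%s,%s,"%s"\n' "$score" "$spec" "$version" "$format" "$esc"
}

# score_all FILE... -> one CSV row per SBOM; failures are reported on stderr
# and skipped instead of being written to the results.
score_all() {
    for f in "$@"; do
        out=$(sbomqs score -b "$f") || { echo "sbomqs failed: $f" >&2; continue; }
        basic_to_csv "$out" || continue
    done
}

# Usage: score_all ./sboms/*.json > results.csv
```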
