forked from ossf/sbom-everywhere
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request ossf#52 from italvi/patch-1
Add CycloneDX Editor Validator Tool by Festo
- Loading branch information
Showing
3 changed files
with
24 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
10 changes: 10 additions & 0 deletions
10
SBOM-Catalog/public/descriptions/CycloneDX-Editor-Validator-Tool.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
The [CycloneDX Editor Validator Tool](https://github.com/Festo-se/cyclonedx-editor-validator) is designed as a command-line tool to perform various actions on CycloneDX SBOMs. It allows you to modify, merge and validate your SBOMs. | ||
The documentation is provided as [GitHub pages](https://festo-se.github.io/cyclonedx-editor-validator/). Tne tool can be installed via [pypi](https://pypi.org/project/cyclonedx-editor-validator/). | ||
|
||
## Key Features and Capabilities: | ||
- Amend: Adds missing auto-generatable information to an existing SBOM. | ||
- Merge: Merges two or more SBOMs into one. | ||
- Validate: Validates an SBOM against a given specification. The tool is deployed with the default CycloneDX schema and a custom schema, but a path to schema can also be provided. | ||
- Set: Using the command-line or a json, you can set properties on specified components in an SBOM, e.g. when information in an automtically created SBOM is missing or not correct. | ||
- Build-public: Remove components and information with namespace internal and resolves the dependencies. | ||
- CI-/CD-Integration: As this is a command-line tool, it can be integrated into your pipelines and the validation even provide a report, which can be used by the [`warnings-ng-plugin`](https://github.com/jenkinsci/warnings-ng-plugin) from Jenkins or a [`code-quality-report`](https://docs.gitlab.com/ee/ci/testing/code_quality.html#implement-a-custom-tool) as required by GitLab. |
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.