Adds NTIA SBOM Validator #25

Open
wants to merge 2 commits into
base: main

saramaebee

This is a tool for validating CycloneDX SBOMs against the NTIA's Minimum Required Elements for an SBOM

@saramaebee saramaebee requested a review from a team as a code owner May 6, 2025 15:37
@saramaebee
Author

Force push was just to add the DCO message :)

tools.yaml Outdated
@@ -2177,6 +2177,13 @@
categories:
- opensource
- author
- name: NTIA Validator for CycloneDX
publisher: FOSSA
description: Ensure your CycloneDX SBOM meets NTIA requirements BEFORE you submit.
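
Review bot: on the added `description:` line, "meets NTIA requirements BEFORE you submit" names neither the requirement set being checked nor the submission step it refers to. The PR summary is more precise ("validating CycloneDX SBOMs against the NTIA's Minimum Required Elements for an SBOM"); suggest reusing that wording in the description and dropping the all-caps emphasis.
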
Contributor

Unsure of what "BEFORE you submit" means. Relative to what process? Borrowing from the "key features" section of the tool website, perhaps the description would better include the bullets from there:

  • Detailed validation feedback
  • Dependency graph visualization and validation

Author

Thanks for the feedback. I've updated the description to explain a little better :)

@mrutkows mrutkows self-assigned this May 7, 2025
@stevespringett
Member

Note: The CycloneDX team is in the process of migrating the legacy Tool Center datafile (tools.yaml) to the new Tool Center v2 format (tools.json). This work is expected to be complete by the end of May.

Once the migration to the v2 datafile is complete:

  • The information in this PR will need to be made against the new datafile.
  • PRs will not be accepted against the v2 datafile until the migration is complete.
  • The legacy datafile and schema will be permanently removed.

Information about the new Tool Center v2 schema can be found at: https://cyclonedx.github.io/tool-center/


3 participants