sbom-analysis

SBOM generation tool analysis with kglab in terms of accuracy and coverage

Getting Started

The content on the website is divided into three sections:

SBOMs: This section contains general pages about SBOMs, the core functions used to analyze them, SPDX definitions, and the minimum elements required by the NTIA. It also contains the case studies showcasing the initial SBOM analysis done with Microsoft’s SBOM generation tool.

Tool Analysis: This section contains the analysis of several SBOM generation tools available on the market. The analysis is based on the FOSSA Framework for Evaluating SBOM Tools, on the NTIA minimum element guidelines, and on the SBOM quality metrics available in the sbomqs tool. We also analyzed the generated SBOMs as knowledge graphs built with kglab.

AI Specifications: This section contains pages about the SPDX AI Package, Hugging Face cards and other AI metadata specifications.
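The NTIA minimum elements referred to in the SBOMs and Tool Analysis sections are the seven data fields an SBOM must carry (supplier name, component name, version, other unique identifiers, dependency relationships, SBOM author and timestamp). The following script, added here as an illustration and not part of the sbom-analysis code base or of any generation tool, checks an SPDX 2.x JSON document for those fields and reports per-package gaps plus a per-field coverage ratio, which is the kind of number the tool comparison is built on. The sample document embedded in it is constructed for the example; the function names are hypothetical.

```python
"""Check an SPDX 2.x JSON SBOM for the NTIA minimum elements.

Hypothetical helper written for this README; it is not part of the
sbom-analysis code base or of any SBOM generation tool.
"""
import json
import sys

# Values SPDX uses to say "unknown"; they must not count as present.
NOASSERTION = {"", "NOASSERTION", "NONE"}

# Relationship types that establish the dependency graph between elements.
DEPENDENCY_TYPES = {"DESCRIBES", "DEPENDS_ON", "CONTAINS"}

# Constructed sample document (not produced by any real tool): one package
# with every NTIA field and one that a generator left mostly empty.
SAMPLE_SPDX = json.dumps({
    "spdxVersion": "SPDX-2.3",
    "SPDXID": "SPDXRef-DOCUMENT",
    "name": "example-app",
    "creationInfo": {
        "created": "2024-01-01T00:00:00Z",
        "creators": ["Tool: example-generator-1.0", "Organization: Example Org"],
    },
    "packages": [
        {"SPDXID": "SPDXRef-Package-app", "name": "example-app",
         "versionInfo": "1.2.0", "supplier": "Organization: Example Org",
         "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER",
                           "referenceType": "purl",
                           "referenceLocator": "pkg:pypi/example-app@1.2.0"}]},
        {"SPDXID": "SPDXRef-Package-left-pad", "name": "left-pad",
         "supplier": "NOASSERTION"},
    ],
    "relationships": [
        {"spdxElementId": "SPDXRef-DOCUMENT", "relationshipType": "DESCRIBES",
         "relatedSpdxElement": "SPDXRef-Package-app"},
        {"spdxElementId": "SPDXRef-Package-app", "relationshipType": "DEPENDS_ON",
         "relatedSpdxElement": "SPDXRef-Package-left-pad"},
    ],
})

FIELDS = ["name", "supplier", "version", "unique_id", "relationship"]


def _present(value) -> bool:
    """A string field counts only if it is not an SPDX no-assertion value."""
    return isinstance(value, str) and value.strip() not in NOASSERTION


def _has_unique_id(pkg: dict) -> bool:
    """A purl/CPE external reference or a checksum satisfies 'other unique identifiers'."""
    for ref in pkg.get("externalRefs", []):
        if ref.get("referenceType") in ("purl", "cpe22Type", "cpe23Type") \
                and _present(ref.get("referenceLocator")):
            return True
    return any(_present(c.get("checksumValue")) for c in pkg.get("checksums", []))


def check_ntia_minimum_elements(spdx_json: str) -> dict:
    """Return document-level checks, missing fields per package and field coverage."""
    doc = json.loads(spdx_json)
    info = doc.get("creationInfo", {})
    packages = doc.get("packages", [])

    # Every element that takes part in a DESCRIBES/DEPENDS_ON/CONTAINS edge.
    linked = set()
    for rel in doc.get("relationships", []):
        if rel.get("relationshipType") in DEPENDENCY_TYPES:
            linked.add(rel.get("spdxElementId"))
            linked.add(rel.get("relatedSpdxElement"))

    per_package = {}
    for pkg in packages:
        checks = {
            "name": _present(pkg.get("name")),
            "supplier": _present(pkg.get("supplier")),
            "version": _present(pkg.get("versionInfo")),
            "unique_id": _has_unique_id(pkg),
            "relationship": pkg.get("SPDXID") in linked,
        }
        per_package[pkg.get("SPDXID")] = [f for f in FIELDS if not checks[f]]

    # Coverage: share of packages that carry each field (0.0 for an empty SBOM).
    coverage = {
        f: (sum(1 for missing in per_package.values() if f not in missing) / len(packages))
        if packages else 0.0
        for f in FIELDS
    }
    document = {
        "author": any(_present(c) for c in info.get("creators", [])),
        "timestamp": _present(info.get("created")),
    }
    compliant = all(document.values()) and bool(packages) \
        and all(not missing for missing in per_package.values())
    return {"document": document, "packages": per_package,
            "coverage": coverage, "compliant": compliant}


if __name__ == "__main__":
    # Pass a path to an SPDX JSON file, or run without arguments on the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_SPDX
    print(json.dumps(check_ntia_minimum_elements(text), indent=2))
```

Treating NOASSERTION and NONE as absent is deliberate: several generators emit a supplier of "NOASSERTION" for every package, which is syntactically valid SPDX but gives a consumer no information, so a checker that only tests for the key's existence would overstate coverage.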

Installation

To install this repository, first clone it, then run the following commands from its root:

Create a virtual environment with PDM for package installation:

pdm venv create 3.9

Select the correct Python interpreter (the one inside the virtual environment you just created; pdm use lists the interpreters it finds and prompts for a choice):

pdm use

Install the packages:

pdm install

Running Commands

All commands should be run through PDM so they use the project's virtual environment, like the following:

pdm run <command>