Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SBOM tools test suite #22

Open
tsteenbe opened this issue Sep 28, 2022 · 1 comment
Open

SBOM tools test suite #22

tsteenbe opened this issue Sep 28, 2022 · 1 comment

Comments

@tsteenbe
Copy link

I would be useful to have a way to see the outputs produced of various SBOM tool so we can:

  • Compare accuracy (breadth of detection or completeness / fidelity / metdata included)
  • Compare semantics (each tool translates realty in code differently into a SBOM)
  • Compare component ids (each tool uses generates different package names/identifiers)
@tsteenbe tsteenbe changed the title SBOM test suite SBOM tools test suite Sep 28, 2022
@tsteenbe
Copy link
Author

@joshbressers as said in today Security Tooling meeting I am working on repository containing various package definition files (pom.xml, package.json, etc) which will be scanned using (FOSS) SBOM tools every 24 hours using GitHub actions.

My intent is that one can always compare latest state of the tools to make it easier to choice one that fits their business needs.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@tsteenbe