add bsi-v2 command #354

Merged
merged 1 commit into from
Nov 19, 2024

viveksahu26
Collaborator

closes #329

This PR is part of a new big feature to support bsi-v2 compliance.

  • [ ✔️ ] Add the command bsi-v2.

$ go run main.go compliance --bsi-v2 samples/photon.spdx.json
$ go run main.go compliance -s samples/photon.spdx.json

$ go run main.go compliance -h

Check if our SBOM meets compliance requirements for various standards, such as NTIA minimum elements, 
BSI TR-03183-2, Framing Software Component Transparency (v3) and OpenChain Telco.

Usage:
  sbomqs compliance [flags]

Examples:
 sbomqs compliance  < --ntia | --bsi | --bsi-v2 | --fsct | --oct >  [--basic | --json]   <SBOM file>

  # Check a NTIA minimum elements compliance against a SBOM in a table output
  sbomqs compliance --ntia samples/sbomqs-spdx-syft.json

  # Check a BSI TR-03183-2 v1.1 compliance against a SBOM in a table output
  sbomqs compliance --bsi samples/sbomqs-spdx-syft.json

  # Check a BSI TR-03183-2 v2.0.0 compliance against a SBOM in a table output
  sbomqs compliance --bsi-v2 samples/sbomqs-spdx-syft.json

   # Check a Framing Software Component Transparency (v3) compliance against a SBOM in a table output
  sbomqs compliance --fsct samples/sbomqs-spdx-syft.json

  # Check a OpenChain Telco compliance against a SBOM in a JSON output
  sbomqs compliance --oct --json samples/sbomqs-spdx-syft.json

   # Check a Framing Software Component Transparency (v3) compliance against a SBOM in a table colorful output
  sbomqs compliance --fsct --color samples/sbomqs-spdx-syft.json



Flags:
  -b, --basic      output in basic format
  -c, --bsi        BSI TR-03183-2 (v1.1)
  -s, --bsi-v2     BSI TR-03183-2 (v2.0.0)
  -l, --color      output in colorful
  -D, --debug      debug logging
  -d, --detailed   output in detailed format(default)
  -f, --fsct       Framing Software Component Transparency (v3)
  -h, --help       help for compliance
  -j, --json       output in json format
  -n, --ntia       NTIA minimum elements (July 12, 2021)
  -t, --oct        OpenChain Telco SBOM (v1.0)

Signed-off-by: Vivek Kumar Sahu <vivekkumarsahu650@gmail.com>
@riteshnoronha riteshnoronha merged commit 1ee63ea into interlynk-io:main Nov 19, 2024
2 checks passed
Successfully merging this pull request may close these issues.

[JFYI] BSI TR-03183-2 v2.0.0 was published