Tool for creating, modifying and validating CycloneDX SBOMs.

CycloneDX Editor/Validator

This command-line tool performs various actions on CycloneDX SBOMs. It allows you to modify and validate your SBOMs.

Documentation

Contributing

See our Contributing guidelines.

To-do

  • Add support for a configuration file. This could be useful, e.g., for configuring the validator, as the flags used remain the same.
  • Add a plausibility check. This would be used, e.g., for finding orphaned bom-refs. A further use case would be a plausibility check of VEX.
  • Use the model from the "official" Python library. This allows working on classes instead of dicts, which would make our code more robust.
  • Add a function for initializing an SBOM. It would create an initial SBOM, so that somebody creating an SBOM manually has a first draft.
  • Add support for SPDX. This must still be discussed, as most users currently rely on CycloneDX.
  • Add the ability to search within an SBOM. This could be used, e.g., to retrieve all information for a specific component.
  • Configure mypy in strict mode. This would simply increase our code quality.
  • Use json-source-map for better validation errors. This would be useful, e.g., within a VS Code extension to obtain the incorrect line.

Source Distribution

cyclonedx_editor_validator-0.6.1.tar.gz (180.2 kB)

Uploaded Source

Built Distribution

cyclonedx_editor_validator-0.6.1-py3-none-any.whl (206.4 kB)

Uploaded Python 3
