Skip to content

Adds NTIA SBOM Validator#25

Draft
saramaebee wants to merge 2 commits intoCycloneDX:mainfrom
fossas:main
Draft

Adds NTIA SBOM Validator#25
saramaebee wants to merge 2 commits intoCycloneDX:mainfrom
fossas:main

Conversation

@saramaebee
Copy link

@saramaebee saramaebee commented May 6, 2025

This is a tool for validating CycloneDX SBOMs against the NTIA's Minimum Required Elements for an SBOM

@saramaebee saramaebee requested a review from a team as a code owner May 6, 2025 15:37
@saramaebee
Copy link
Author

saramaebee commented May 6, 2025

Force push was just to add the DCO message :)

mrutkows
mrutkows requested changes May 7, 2025
View reviewed changes
tools.yaml Outdated
- author
- name: NTIA Validator for CycloneDX
publisher: FOSSA
description: Ensure your CycloneDX SBOM meets NTIA requirements BEFORE you submit.
Copy link
Contributor

@mrutkows mrutkows May 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unsure of what "BEFORE you submit" means. Relative to what process? Borrowing from the "key features" section of the tool website, perhaps the description would better include the bullets from there:

  • Detailed validation feedback
  • Dependency graph visualization and validation

Copy link
Author

@saramaebee saramaebee May 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the feedback. I've updated the description to explain a little better :)

@mrutkows mrutkows self-assigned this May 7, 2025
@stevespringett
Copy link
Member

stevespringett commented May 7, 2025

Note: The CycloneDX team is in the process of migrating the legacy Tool Center datafile (tools.yaml) to the new Tool Center v2 format (tools.json). This work is expected to be complete by the end of May.

Once the migration to the v2 datafile is complete:

  • The information in this PR will need to be made against the new datafile.
  • PRs will not be accepted against the v2 datafile until the migration is complete.
  • The legacy datafile and schema will be permanently removed.

Information about the new Tool Center v2 schema can be found at: https://cyclonedx.github.io/tool-center/

saramaebee added 2 commits May 7, 2025 11:43
@saramaebee
adds NTIA SBOM Validator
5ea1f91 
Signed-off-by: Sara <jsmbeaudet@gmail.com>
@saramaebee
updating based on feedback
3748e2c 
Signed-off-by: Sara <jsmbeaudet@gmail.com>
@jkowalleck
Copy link
Member

jkowalleck commented Sep 24, 2025

we've changed how the tools.json is managed.
since now, each tool has its own json file in https://github.com/CycloneDX/tool-center/tree/main/tools
please revert your changes to tools.json, and add a dedicated fiele in the tools folder.

@jkowalleck jkowalleck marked this pull request as draft September 25, 2025 16:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mrutkows mrutkows mrutkows requested changes

Assignees

@mrutkows mrutkows

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@saramaebee @stevespringett @jkowalleck @mrutkows