sbom-utility

sbom-utility copied to clipboard

Hi guys,

I would like to use the sbom-utility tool to validate proper output (schema) of other SBOM tools that generate a CycloneDX SBOM.

I know that there are tools checking against JSON schemas, but all I found have dependencies to a certain runtime like Node.js, Java, Python, and I want a binary that can be simply integrated into a CI pipeline like sbom-utility.

It would be very helpful to have a switch (or another way like e.g. a licenses.json without entries) so that license validation is skipped.