SPDXMerge Tool #spdx
Hi All,
We are excited to announce that we have open sourced our SBoM Merge tool on GitHub. This tool allows you to merge multiple Software Bills of Materials (SBOMs) into a single SBOM file in SPDX format. It provides shallow and deep merge options. This can help you gain a comprehensive view of the components and dependencies used in your software projects, as well as their licensing and security status. You can use this tool to merge SBOMs from different file formats, such as SPDX, SWID Tagging. You can find the source code and documentation on our GitHub repository:
philips-software/SPDXMerge: SPDX Merge tool (github.com).
We welcome your feedback and contributions!
Regards
Sandeep
Hi Sandeep,
Very cool! FYI, this is very similar to a tool Ivana and I recently developed and donated to the opensbom org: https://github.com/opensbom-generator/sbom-composer 😊
-Rose
From: spdx@... <spdx@...> on behalf of Patil, Sandeep via lists.spdx.org <sandeep.patil=philips.com@...>
Date: Wednesday, March 29, 2023 at 9:33 AM
To: spdx@... <spdx@...>
Subject: [spdx] SPDXMerge Tool #spdx
Thanks Sandeep,
Excellent contribution to the community!
Gary
From: spdx@... <spdx@...> On Behalf Of Rose Judge via lists.spdx.org
Sent: Wednesday, March 29, 2023 10:32 AM
To: spdx@...
Subject: Re: [spdx] SPDXMerge Tool #spdx
This is awesome thank you Sandeep!
Joseph D. Silvia
Director Software Quality Training and Consulting
Oriel STAT A MATRIX
Sent: Wednesday, March 29, 2023 3:29 PM
To: spdx@...
Subject: Re: [spdx] SPDXMerge Tool #spdx
Hi Sandeep and Rose, how do you guys test the presence of all the components after merging?
I have built the spdx file visualizer. Check the sample screenshot. https://github.com/dineshr93/sq#sample
supports only spdx 2.2 & 2.3 json format as of now
Thanks & happy weekend all!
Regards
Dinesh
On Thu, Mar 30, 2023 at 12:48 AM Joseph Silvia via lists.spdx.org <jsilvia=orielstat.com@...> wrote:
This is awesome thank you Sandeep!
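One way to approach the question above about testing that every component is present after a merge, as an added example (not code from SPDXMerge, sbom-composer or any poster in this thread): compare package identities between the input SPDX 2.2/2.3 JSON documents and the merged output, and flag relationships that point at elements missing from the merged file. It assumes packages are matched on name plus versionInfo, since a merge may rewrite SPDXIDs; the sample documents, package names and file labels are constructed.

```python
def package_ids(doc):
    """Map (name, version) -> SPDXID for each package in an SPDX 2.x JSON document."""
    return {(p["name"], p.get("versionInfo")): p["SPDXID"]
            for p in doc.get("packages", [])}

def missing_packages(inputs, merged):
    """Return {input label: [(name, version), ...]} for packages absent from the merged SBOM."""
    present = set(package_ids(merged))
    report = {}
    for label, doc in inputs.items():
        lost = sorted(set(package_ids(doc)) - present, key=str)
        if lost:
            report[label] = lost
    return report

def dangling_relationships(doc):
    """Return relationships whose endpoints do not resolve to an element in the document."""
    known = {doc["SPDXID"]}
    for section in ("packages", "files", "snippets"):
        known.update(e["SPDXID"] for e in doc.get(section, []))

    def resolves(ref):
        # External document references and the NONE/NOASSERTION values are legal targets.
        return ref in known or ref in ("NONE", "NOASSERTION") or ref.startswith("DocumentRef-")

    return [r for r in doc.get("relationships", [])
            if not (resolves(r["spdxElementId"]) and resolves(r["relatedSpdxElement"]))]

# --- Constructed sample data (assumption: trimmed to the fields the checks read) ---
def pkg(name, version):
    return {"SPDXID": "SPDXRef-Package-" + name, "name": name, "versionInfo": version}

def rel(source, kind, target):
    return {"spdxElementId": source, "relationshipType": kind, "relatedSpdxElement": target}

SBOM_A = {"SPDXID": "SPDXRef-DOCUMENT",
          "packages": [pkg("app", "1.0.0"), pkg("libalpha", "1.2.13")]}
SBOM_B = {"SPDXID": "SPDXRef-DOCUMENT",
          "packages": [pkg("libbeta", "2.1.0"), pkg("libgamma", "3.0.8")]}

# A merged document in which one package was dropped but a relationship to it was kept.
MERGED = {
    "SPDXID": "SPDXRef-DOCUMENT",
    "packages": [pkg("app", "1.0.0"), pkg("libalpha", "1.2.13"), pkg("libbeta", "2.1.0")],
    "relationships": [
        rel("SPDXRef-DOCUMENT", "DESCRIBES", "SPDXRef-Package-app"),
        rel("SPDXRef-Package-app", "DEPENDS_ON", "SPDXRef-Package-libalpha"),
        rel("SPDXRef-Package-app", "DEPENDS_ON", "SPDXRef-Package-libbeta"),
        rel("SPDXRef-Package-libbeta", "DEPENDS_ON", "SPDXRef-Package-libgamma"),
    ],
}

if __name__ == "__main__":
    inputs = {"a.spdx.json": SBOM_A, "b.spdx.json": SBOM_B}
    print("missing:", missing_packages(inputs, MERGED))
    print("dangling:", dangling_relationships(MERGED))
```

A package reported as missing here will not be matched against vulnerability or license data downstream, so a check like this is worth running as a gate after any merge step.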
Thanks Anthony! Very cool tools!
Gary
Sent: Monday, April 3, 2023 9:35 AM
To: spdx@...
Subject: Re: [spdx] SPDXMerge Tool #spdx
It is good to see these tools being created and hopefully helping users understand the contents of an SBOM without having to become fluent in JSON or other formats :-).
I have produced sbom2doc (available on PyPI but under active development) which produces human-readable output for an SBOM (both SPDX and CycloneDX are supported). Sample output (can be sent to the console, a markdown file or PDF)
An alternative view of an SBOM is also available via sbom2dot (another one of my tools :-)) which shows a hierarchical view of the component dependencies and the licenses for each component. This also works with both SPDX and CycloneDX SBOMs
Hopefully these will be useful to the community.
Regards
Anthony
On Fri, 31 Mar 2023 at 21:51, DR <dineshr93@...> wrote:
Hi Sandeep and Rose, how do you guys test the presence of all the components after merging?
I have built the spdx file visualizer. Check the sample screenshot. https://github.com/dineshr93/sq#sample
supports only spdx 2.2 & 2.3 json format as of now
Thanks & happy weekend all!
Regards
Dinesh