SPDXMerge Tool #spdx
Patil, Sandeep
Hi All, We are excited to announce that we have open sourced our SBoM Merge tool on GitHub. This tool allows you to merge multiple Software Bills of Materials (SBOMs) into a single SBOM file in SPDX format. It provides shallow and deep merge options. This can help you gain a comprehensive view of the components and dependencies used in your software projects, as well as their licensing and security status. You can use this tool to merge SBOMs from different file formats, such as SPDX, SWID Tagging. You can find the source code and documentation on our GitHub repository:
We welcome your feedback and contributions!
Regards
Sandeep
Kate Stewart
Very cool Sandeep! Thanks for sharing this! On Wed, Mar 29, 2023 at 11:33 AM Patil, Sandeep via lists.spdx.org <sandeep.patil=philips.com@...> wrote:
Rose Judge
Hi Sandeep,
Very cool! FYI, This is very similar to a tool Ivana and I recently developed and donated to the opensbom org: https://github.com/opensbom-generator/sbom-composer 😊
-Rose
Gary O'Neall
Thanks Sandeep,
Excellent contribution to the community!
Gary
From: spdx@... <spdx@...> On Behalf Of Rose Judge via lists.spdx.org
Sent: Wednesday, March 29, 2023 10:32 AM To: spdx@... Subject: Re: [spdx] SPDXMerge Tool #spdx
Joseph Silvia
This is awesome thank you Sandeep!
Joseph D. Silvia
1055 Thomas Jefferson St. NW, Suite 304, Washington, DC 20007
Office: 732.906.6142 Mobile: 781.526.5636
jsilvia@...
From: spdx@... <spdx@...> On Behalf Of Gary O'Neall
Sent: Wednesday, March 29, 2023 3:29 PM To: spdx@... Subject: Re: [spdx] SPDXMerge Tool #spdx
DR
Hi Sandeep and Rose, how do you guys test the presence of all the components after merging?
I have built the spdx file visualizer. Check the sample screenshot: https://github.com/dineshr93/sq#sample
Supports only spdx 2.2 & 2.3 json format as of now.
Thanks & happy weekend all!
Regards
Dinesh
On Thu, Mar 30, 2023 at 12:48 AM Joseph Silvia via lists.spdx.org <jsilvia=orielstat.com@...> wrote:
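One way to answer Dinesh's question, added here as an example that is not part of the thread and is not code from SPDXMerge, sbom-composer or sq: load the input SPDX 2.3 JSON documents and the merged document, then check that every input package is still present (keyed on name and version, since SPDXIDs are only unique within one document), that no SPDXID collides in the merged file, and that concluded licenses did not change during the merge. The sample documents below are constructed inline.

```python
import json

# Constructed sample SPDX 2.3 JSON documents (hypothetical, not output of any tool in the thread).
INPUT_A = {"spdxVersion": "SPDX-2.3", "SPDXID": "SPDXRef-DOCUMENT", "name": "service-a", "packages": [
    {"SPDXID": "SPDXRef-openssl", "name": "openssl", "versionInfo": "3.0.8", "licenseConcluded": "Apache-2.0"},
    {"SPDXID": "SPDXRef-zlib", "name": "zlib", "versionInfo": "1.2.13", "licenseConcluded": "Zlib"}]}
INPUT_B = {"spdxVersion": "SPDX-2.3", "SPDXID": "SPDXRef-DOCUMENT", "name": "service-b", "packages": [
    {"SPDXID": "SPDXRef-zlib", "name": "zlib", "versionInfo": "1.2.13", "licenseConcluded": "Zlib"},
    {"SPDXID": "SPDXRef-curl", "name": "curl", "versionInfo": "8.0.1", "licenseConcluded": "curl"}]}
# A good merge: the shared zlib package appears once, everything else is carried over unchanged.
MERGED_OK = {"spdxVersion": "SPDX-2.3", "SPDXID": "SPDXRef-DOCUMENT", "name": "merged", "packages": [
    INPUT_A["packages"][0], INPUT_A["packages"][1], INPUT_B["packages"][1]]}
# A lossy merge: curl was dropped, zlib lost its concluded license, and an SPDXID collides.
MERGED_LOSSY = {"spdxVersion": "SPDX-2.3", "SPDXID": "SPDXRef-DOCUMENT", "name": "merged", "packages": [
    INPUT_A["packages"][0],
    {"SPDXID": "SPDXRef-openssl", "name": "zlib", "versionInfo": "1.2.13", "licenseConcluded": "NOASSERTION"}]}


def package_key(pkg):
    """Identify a package by name and version; SPDXIDs are only unique inside one document."""
    return (pkg.get("name", ""), pkg.get("versionInfo", ""))


def check_merge(inputs, merged):
    """Compare the union of the input packages with the merged document.
    Returns packages that went missing, SPDXIDs that are no longer unique in the
    merged document, and packages whose concluded license changed in the merge."""
    expected = {}
    for doc in inputs:
        for pkg in doc.get("packages", []):
            expected.setdefault(package_key(pkg), pkg)  # first sighting wins
    merged_pkgs = merged.get("packages", [])
    present = {package_key(p): p for p in merged_pkgs}
    ids = [p.get("SPDXID", "") for p in merged_pkgs]
    return {
        "missing": sorted(k for k in expected if k not in present),
        "duplicate_ids": sorted({i for i in ids if ids.count(i) > 1}),
        "license_drift": sorted(k for k, p in expected.items() if k in present
                                and present[k].get("licenseConcluded") != p.get("licenseConcluded")),
    }


def check_merge_files(input_paths, merged_path):
    """Same check over SPDX JSON files on disk."""
    def load(path):
        with open(path) as fh:
            return json.load(fh)
    return check_merge([load(p) for p in input_paths], load(merged_path))
```

An empty report from `check_merge` is the pass condition; anything listed under `missing` or `license_drift` means the merge dropped or altered a component and should be investigated before the merged SBOM is published.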
Anthony Harrison
It is good to see these tools being created and hopefully helping users understand the contents of an SBOM without having to become fluent in JSON or other formats :-).
I have produced sbom2doc (available on PyPi but under active development) which produces human-readable output for an SBOM (both SPDX and CycloneDX are supported). Sample output (can be sent to the console, a markdown file or PDF)
An alternative view of an SBOM is also available via sbom2dot (another one of my tools :-)) which shows a hierarchical view of the component dependencies and the licenses for each component. This also works with both SPDX and CycloneDX SBOMs.
Hopefully these will be useful to the community.
Regards
Anthony
On Fri, 31 Mar 2023 at 21:51, DR <dineshr93@...> wrote:
Gary O'Neall
Thanks Anthony! Very cool tools!
Gary
From: spdx@... <spdx@...> On Behalf Of Anthony Harrison
Sent: Monday, April 3, 2023 9:35 AM To: spdx@... Subject: Re: [spdx] SPDXMerge Tool #spdx