interlynk-io / sbomqs

SBOM quality score - Quality metrics for your sboms
Apache License 2.0

Add schema validation as a scoring criteria. #248

Open riteshnoronha opened 3 months ago

riteshnoronha commented 3 months ago

Sbomqs is currently not validating the SBOM against the official schema for CycloneDX or SPDX. This validation should be added to give a better picture of the SBOM.

reference: https://github.com/DependencyTrack/dependency-track/issues/3759

viveksahu26 commented 1 month ago

Hey @riteshnoronha, I am trying to understand this issue. So, basically we need to add one more data field for schema which will determine whether the provided SBOM complies with/validates against the official schema of the respective SBOM format type, i.e. CycloneDX or SPDX. One more thing: do we need to check against the latest official schema of SBOMs? Am I understanding the issue rightly?
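As an added illustration of the criterion this issue asks for (example code, not part of sbomqs): detect the format and the spec version the document itself declares, select the matching schema, and report violations so the result can feed a pass/fail score. The schema entries here are a constructed stand-in for the official CycloneDX/SPDX JSON Schema files, and the required-property lists are assumptions, not copied from the specifications.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// prop is one schema property: its JSON type and whether the key is required.
type prop struct{ typ string; required bool }
// schemas is a CONSTRUCTED JSON Schema subset standing in for the official CycloneDX/SPDX schema files (a real criterion loads those per version).
var schemas = map[string]map[string]prop{
	"CycloneDX-1.5": {"bomFormat": {"string", true}, "specVersion": {"string", true}, "components": {"array", false}},
	"SPDX-2.3": {"spdxVersion": {"string", true}, "SPDXID": {"string", true}, "name": {"string", true},
		"dataLicense": {"string", true}, "creationInfo": {"object", true}, "packages": {"array", false}},
}
// jsonTypes maps the Go types produced by encoding/json back to JSON type names.
var jsonTypes = map[string]string{"string": "string", "float64": "number", "bool": "boolean",
	"[]interface {}": "array", "map[string]interface {}": "object", "<nil>": "null"}

// detectSchema reads the document's own format markers: the SBOM is checked against the spec version it declares, not simply the latest.
func detectSchema(doc map[string]interface{}) string {
	if f, _ := doc["bomFormat"].(string); f == "CycloneDX" {
		v, _ := doc["specVersion"].(string)
		return "CycloneDX-" + v
	}
	v, _ := doc["spdxVersion"].(string) // SPDX documents carry e.g. "SPDX-2.3" directly
	return v
}

// ValidateSBOM returns the detected schema key and the violations found; an empty list means the schema criterion passes.
func ValidateSBOM(raw []byte) (string, []string) {
	var doc map[string]interface{}
	if err := json.Unmarshal(raw, &doc); err != nil {
		return "", []string{"not a JSON object: " + err.Error()}
	}
	key := detectSchema(doc)
	s, known := schemas[key]
	if !known {
		return key, []string{fmt.Sprintf("no schema available for format %q", key)}
	}
	var errs []string
	for name, p := range s {
		v, present := doc[name]
		if got := jsonTypes[fmt.Sprintf("%T", v)]; !present && p.required {
			errs = append(errs, "missing required property "+name)
		} else if present && got != p.typ {
			errs = append(errs, fmt.Sprintf("%s: expected %s, got %s", name, p.typ, got))
		}
	}
	return key, errs
}
```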