viveksahu26
commented
4 months ago We can add one more flag to it: basic-all. One more thing would like to make changes to it, we should add a output flag, at the end, detailed, json, or basic are types of output format. So, the final command would look like something:
sbomqs score -h
comprehensive quality score for your sbom
Usage:
sbomqs score [flags]
Flags:
-c, --category string filter by category
--configpath string scoring based on config path
-D, --debug enable debug logging
-f, --feature string filter by feature
-h, --help help for score
-o, --output json, detailed, basic, basic-allSo, the command to get basic details which includes format, and specification:
$ sbomqs score file --output=basic-all
o/p:
6.4 SPDX, JSON, samples/sbomqs-spdx-syft.json 
riteshnoronha
By Luis on SPDX mailing list:
There is one command line combination "sbomqs score -b" which is very handy to include in batch processing. Under GUN/Linux, I can capture its output with result=$(sbomqs score -b) and it includes one line. Example:
for file in $files do result=$(sbomqs score -b $file) echo "$file,$result" >> results.txt done
results.txt: sbom.spdx,5.6 bom.1.2.json,5.6 xyz,5.6,5.6
However, it would be very nice if there were a way to get more information. In addition to the score, there could be a way to also return the detected specification standard and the specific format. For instance: "5.6,spdx,json" or "5.6,cyclonedx,xml"
for file in $files do result=$(sbomqs fullrecord -b $file) echo "$file,$result" >> results.txt done
results.txt: sbom.spdx,5.6,spdx,tag bom.1.2.json,5.6,cyclonedx,json xyz,5.6,spdx,json