goneall
commented
11 months ago Hi @Donkey-Hao - This project is designed to be a library used by any tool which generates or consumes SPDX document - it isn't really a standalone application. It supports SPDX version 2.0 and later formats (2.0, 2.1, 2.2 and 2.3).
There is a general utility tools-java which is a command line tool to help manage SPDX documents - but it doesn't do any analysis or scanning itself.
If you're looking for a scanning solution, check out the SPDX tools page for a list of open source and commercial tools which support the SPDX format.
ha0lyu
Hello, I want to know whether this tool can generate SBOM by analyzing Java project files (binary or source code) or other files, if it could generate SBOM, what formats does it support? Maybe, the tool is made for consume SPDX SBOM? I will appreciate it very much if you could answer my questions.