[Tool Request]: PkgToSoftwareBOM

[SamuraiAku]

Tool or Product name

PkgToSoftwareBOM.jl

Open Source or Proprietary

open source

Company or Organization name

NA

Organization or Company Logo Usage

• [ ] Already a member of SPDX
• [X] Permission to use logo as an SPDX supporter (required if not a member)

Public Contact Email or URL

savery@ieee.org

Product or tool website

https://github.com/SamuraiAku/PkgToSoftwareBOM.jl

Description

PkgToSoftwareBOM.jl produces an SBOM describing your Julia environment in the SPDX format. The SBOM includes:

• A complete package dependency list
• A complete binary artifact dependency list
• A best effort determination of the declared software license for all packages and binaries

SBOM tool category

• [X] Produce(Build)
• [ ] Produce(Analyze)
• [ ] Produce(Edit)
• [ ] Consume(View)
• [ ] Consume(Diff)
• [ ] Consume(Import)
• [ ] Transform(Translate)
• [ ] Transform(Merge)
• [ ] Transform(Tool Support)

SPDX Versions supported

• [ ] 2.0
• [ ] 2.1
• [ ] 2.2
• [X] 2.3
• [ ] 3.0 In Progress
• [ ] 3.0

SPDX verification

Used the online SPDX validation tool on example SBOMs generated during the development process. For an output example see: https://github.com/SamuraiAku/PkgToSoftwareBOM.jl/blob/v0.1.12/examples/Environment_Example1.spdx.json

How to procure

PkgToSoftwareBOM is a registered Julia package. Users install it using the Julia package manager.

Installation instructions

User documentation is found in the package README

Link to quick start guide

https://github.com/SamuraiAku/PkgToSoftwareBOM.jl/blob/v0.1.12/README.md

Link to logo

https://upload.wikimedia.org/wikipedia/commons/1/1f/Julia_Programming_Language_Logo.svg

[podence]

Posted

[podence]

done

[podence]

Done

From: SamuraiAku @.> Date: Sunday, September 22, 2024 at 2:24 PM To: spdx/outreach @.> Cc: Subscribed @.***> Subject: [spdx/outreach] [Tool Request]: PkgToSoftwareBOM (Issue #89) Tool or Product name PkgToSoftwareBOM. jl Open Source or Proprietary open source Company or Organization name NA Organization or Company Logo Usage Already a member of SPDX Permission to use logo as an SPDX supporter (required if not a member) ZjQcmQRYFpfptBannerStart This Message Is From an External Sender Do not click links or open attachments unless you recognize the sender and know the content is safe.

ZjQcmQRYFpfptBannerEnd Tool or Product name

PkgToSoftwareBOM.jl

Open Source or Proprietary

open source

Company or Organization name

NA

Organization or Company Logo Usage

• Already a member of SPDX
• Permission to use logo as an SPDX supporter (required if not a member)

Public Contact Email or URL

@.**@.>

Product or tool website

https://github.com/SamuraiAku/PkgToSoftwareBOM.jlhttps://urldefense.com/v3/__https:/github.com/SamuraiAku/PkgToSoftwareBOM.jl__;!!A4F2R9G_pg!Z96x2pQc6vjdcbVWK1fc002wl8BzO-bIRpFGJ2-tqr_k_yJoB-aa6r-CsK_wpIex2biDIKfgN6nsVbeUToi1Rq0MFjH2cWSd$

Description

PkgToSoftwareBOM.jl produces an SBOM describing your Julia environment in the SPDX format. The SBOM includes:

• A complete package dependency list
• A complete binary artifact dependency list
• A best effort determination of the declared software license for all packages and binaries

SBOM tool category

• Produce(Build)
• Produce(Analyze)
• Produce(Edit)
• Consume(View)
• Consume(Diff)
• Consume(Import)
• Transform(Translate)
• Transform(Merge)
• Transform(Tool Support)

SPDX Versions supported

• 2.0
• 2.1
• 2.2
• 2.3
• 3.0 In Progress
• 3.0

SPDX verification

Used the online SPDX validation tool on example SBOMs generated during the development process. For an output example see: https://github.com/SamuraiAku/PkgToSoftwareBOM.jl/blob/v0.1.12/examples/Environment_Example1.spdx.jsonhttps://urldefense.com/v3/__https:/github.com/SamuraiAku/PkgToSoftwareBOM.jl/blob/v0.1.12/examples/Environment_Example1.spdx.json__;!!A4F2R9G_pg!Z96x2pQc6vjdcbVWK1fc002wl8BzO-bIRpFGJ2-tqr_k_yJoB-aa6r-CsK_wpIex2biDIKfgN6nsVbeUToi1Rq0MFl-I78-3$

How to procure

PkgToSoftwareBOM is a registered Julia package. Users install it using the Julia package manager.

Installation instructions

User documentation is found in the package README

Link to quick start guide

https://github.com/SamuraiAku/PkgToSoftwareBOM.jl/blob/v0.1.12/README.mdhttps://urldefense.com/v3/__https:/github.com/SamuraiAku/PkgToSoftwareBOM.jl/blob/v0.1.12/README.md__;!!A4F2R9G_pg!Z96x2pQc6vjdcbVWK1fc002wl8BzO-bIRpFGJ2-tqr_k_yJoB-aa6r-CsK_wpIex2biDIKfgN6nsVbeUToi1Rq0MFtkehfPG$

Link to logo

https://upload.wikimedia.org/wikipedia/commons/1/1f/Julia_Programming_Language_Logo.svghttps://urldefense.com/v3/__https:/upload.wikimedia.org/wikipedia/commons/1/1f/Julia_Programming_Language_Logo.svg__;!!A4F2R9G_pg!Z96x2pQc6vjdcbVWK1fc002wl8BzO-bIRpFGJ2-tqr_k_yJoB-aa6r-CsK_wpIex2biDIKfgN6nsVbeUToi1Rq0MFoBE6Ye6$

— Reply to this email directly, view it on GitHubhttps://urldefense.com/v3/__https:/github.com/spdx/outreach/issues/89__;!!A4F2R9G_pg!Z96x2pQc6vjdcbVWK1fc002wl8BzO-bIRpFGJ2-tqr_k_yJoB-aa6r-CsK_wpIex2biDIKfgN6nsVbeUToi1Rq0MFiyyR7vs$, or unsubscribehttps://urldefense.com/v3/__https:/github.com/notifications/unsubscribe-auth/ABBJS4JTBASGDMXLNFGIQSTZX4DMLAVCNFSM6AAAAABOUYY72KVHI2DSMVQWIX3LMV43ASLTON2WKOZSGU2DCMJZG4YTCNA__;!!A4F2R9G_pg!Z96x2pQc6vjdcbVWK1fc002wl8BzO-bIRpFGJ2-tqr_k_yJoB-aa6r-CsK_wpIex2biDIKfgN6nsVbeUToi1Rq0MFl6J4ZJb$. You are receiving this because you are subscribed to this thread.Message ID: @.***>