Open lfrancke opened 10 months ago
@lfrancke great to see you are evaluating sbomqs for SBOM quality control. We have used sbomqs to help SBOM generation tools improve their output https://github.com/interlynk-io/sbomqs/discussions/39. We are actively developing this tool and would love any feedback you have during or after your evaluation of the tool.
FYI, sbomqs was recently used for SBOM quality benchmarks at Codenotary https://codenotary.com/blog/monthly-quality-report-for-sbom-tools
Leanix also recommends us for SBOM quality. https://docs-vsm.leanix.net/docs/step-1-generating-cyclonedx-software-bill-of-materials#a-note-on-sbom-quality
We are actively working with the cpython sbom creator to help improve his tool. https://github.com/sethmlarson/cpython-sbom/issues.
GitHub has credited sbomqs with improving its output https://github.com/advanced-security/gh-sbom/releases/tag/v0.0.3
Other OSS SBOM quality tools we know of https://github.com/spdx/ntia-conformance-checker [SPDX]
As a user and creator of the Stackable SBOMs I'd like to know what their quality is.