Add sbom-tools to Tool Center #111

Open: matrosov wants to merge 3 commits into CycloneDX:main from matrosov:add/sbom-tools
@matrosov

Adds sbom-tools — an open-source, MIT-licensed CLI for semantic SBOM diff and analysis across CycloneDX (1.4–1.7) and SPDX (2.2, 2.3, 3.0).

Highlights

  • Compares SBOMs at the component / graph / license level (added, removed, modified, relationship changes)
  • Enriches with OSV/KEV vulnerability data, EOL detection (endoflife.date), VEX (OpenVEX, CycloneDX VEX)
  • Quality scoring engine (8 categories, A–F grade) and 9 compliance standards (NTIA, CRA Phase 1 & 2, FDA, NIST SSDF, EO 14028, BSI TR-03183-2, EUCC, ...)
  • Continuous watch mode for operational SBOM monitoring
  • Outputs: JSON, SARIF, Markdown, HTML, CSV, summary, TUI

Contribution checklist

  • Tool is SBOM/xBOM-related (SBOM + VDR/VEX)
  • Metadata and description are accurate and current
  • Licensing/attribution respected (MIT, OSI-approved)
  • Added as a single file under tools/ (tools/sbom_tools.json)
  • Validates against schemas/tool.schema.json (spec v2.0)
  • tools.json left untouched (regenerated by CI / helpers/tools-assemble.py)

@matrosov matrosov requested a review from a team as a code owner May 20, 2026 01:47
matrosov added a commit to sbom-tool/sbom-tools that referenced this pull request May 20, 2026
Match the value submitted upstream in CycloneDX/tool-center#111.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Semantic SBOM diff and analysis tool for CycloneDX and SPDX.
https://github.com/sbom-tool/sbom-tools

Signed-off-by: Alex Matrosov <alex.matrosov@gmail.com>
Comment thread tools/semantic_sbom_diff.json
Rename from generic "sbom-tools" to "Semantic SBOM Diff (sbom-tools)"
to address @jkowalleck's feedback that the original name was too broad
for the Tool Center listing. Crate name retained in parentheses for
discoverability.

Signed-off-by: Alex Matrosov <alex.matrosov@gmail.com>
@matrosov
Author

Thanks for the review @jkowalleck! Updated the name field to "Semantic SBOM Diff (sbom-tools)" in f46fc80 — leads with the functional differentiator (semantic diff + analysis) and keeps the crate name in parentheses for discoverability.

Member

Please rename the file to match the tool's name.

Rename tools/sbom_tools.json -> tools/semantic_sbom_diff.json per
@jkowalleck's request that the filename match the tool name. Uses
snake_case to match the dominant convention in tools/.

Signed-off-by: Alex Matrosov <alex.matrosov@gmail.com>
@matrosov
Author

Renamed in 3676fba: tools/sbom_tools.json → tools/semantic_sbom_diff.json (snake_case to match the dominant convention in tools/). Let me know if you'd prefer a different spelling. @jkowalleck

matrosov added a commit to sbom-tool/sbom-tools that referenced this pull request May 25, 2026
Match the value submitted upstream in CycloneDX/tool-center#111.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
matrosov added a commit to sbom-tool/sbom-tools that referenced this pull request May 25, 2026
Apply two changes requested in CycloneDX/tool-center#111:
- name: "sbom-tools" → "Semantic SBOM Diff (sbom-tools)"
- file: tools/sbom_tools.json → tools/semantic_sbom_diff.json

Rationale row updated to credit the upstream review and explain the
naming choice; step-by-step note now warns that filename must follow
the tool name.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
matrosov added a commit to sbom-tool/sbom-tools that referenced this pull request May 25, 2026
* docs: add CycloneDX Tool Center submission guide

Document how to list sbom-tools in the CycloneDX Tool Center,
including the split-file model, validation steps, and a
ready-to-use schema v2 tool entry.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* docs: use sbom.tools as website_url in Tool Center entry

Match the value submitted upstream in CycloneDX/tool-center#111.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* docs: align Tool Center entry with reviewer feedback

Apply two changes requested in CycloneDX/tool-center#111:
- name: "sbom-tools" → "Semantic SBOM Diff (sbom-tools)"
- file: tools/sbom_tools.json → tools/semantic_sbom_diff.json

Rationale row updated to credit the upstream review and explain the
naming choice; step-by-step note now warns that filename must follow
the tool name.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@matrosov
Author

Friendly nudge — file rename pushed in 3676fba (tools/semantic_sbom_diff.json); happy to adjust further if needed. @jkowalleck
