Closed
Description
This issue is to add support for scoring categories other than NTIA-minimum-elements, such as FSCT, BSI, BSI-V2, etc. Currently, score supports only one SBOM compliance category, NTIA, i.e.:
sbomqs score -c NTIA-minimum-elements ../sbomqs/samples/sbomqs-cdx-cgomod.json
catScores()
SBOM Quality by Interlynk Score:8.6 components:21 ../sbomqs/samples/sbomqs-cdx-cgomod.json
+-----------------------+-------------------------+-----------+--------------------------------+
| CATEGORY              | FEATURE                 | SCORE     | DESC                           |
+-----------------------+-------------------------+-----------+--------------------------------+
| NTIA-minimum-elements | comp_with_name          | 10.0/10.0 | 21/21 have names               |
+                       +-------------------------+-----------+--------------------------------+
|                       | comp_with_supplier      | 0.0/10.0  | 0/21 have supplier names       |
+                       +-------------------------+-----------+--------------------------------+
|                       | comp_with_uniq_ids      | 10.0/10.0 | 21/21 have unique ID's         |
+                       +-------------------------+-----------+--------------------------------+
|                       | comp_with_version       | 10.0/10.0 | 21/21 have versions            |
+                       +-------------------------+-----------+--------------------------------+
|                       | sbom_authors            | 10.0/10.0 | doc has 1 authors              |
+                       +-------------------------+-----------+--------------------------------+
|                       | sbom_creation_timestamp | 10.0/10.0 | doc has creation timestamp     |
|                       |                         |           | 2023-05-04T02:34:37-07:00      |
+                       +-------------------------+-----------+--------------------------------+
|                       | sbom_dependencies       | 10.0/10.0 | doc has 11 dependencies        |
+-----------------------+-------------------------+-----------+--------------------------------+
Motivation
- Along with detailed compliance of the SBOM, users are also interested in getting a summary of their compliance, like the one above for NTIA, which gives them a clear picture of how many components contain the corresponding fields.