The tools listed in this Tools section use the following classifications to aid in their selection.
| Category | Type | Description |
|---|---|---|
| Produce | Build | Document is automatically created as part of building an artifact and contains information about the build. |
| Manual | A person will manually fill in the information. | |
| Audit Tool | A source code analysis or audit tool will generate the document by inspection of the artifact and any associated sources. | |
| Consume | View | Be able to understand the contents in human readable form (picture, figures, tables, text.). Use to support decision making & business processes. |
| Diff | Be able to compare two documents of a given formation and clearly see the differences. For instance, comparing between two versions of a piece of software. | |
| Analyze | Be able to import a document into software; e.g. Software Risk assessment. | |
| Transform | Translate | Change from one SPDX file format to another while preserving the same information. |
| Merge | Multiple sources of documents can be merged together for analysis and audit purposes. | |
| Tool Integration | Support use in other tools by APIs, libraries. |
Source: This information has been reproduced from the NTIA SBOM Formats & Tooling Working Group publication as of March 30, 2021 at NTIA SBOM Tool Classification Taxonomy