The tools listed in this Tools section use the following classifications to aid in their selection.
Category | Type | Description |
---|---|---|
Produce | Build | Document is automatically created as part of building an artifact and contains information about the build. |
Produce | Manual | A person will manually fill in the information. |
Produce | Audit Tool | A source code analysis or audit tool will generate the document by inspection of the artifact and any associated sources. |
Consume | View | Be able to understand the contents in human-readable form (pictures, figures, tables, text). Used to support decision making & business processes. |
Consume | Diff | Be able to compare two documents of a given format and clearly see the differences. For instance, comparing two versions of a piece of software. |
Consume | Analyze | Be able to import a document into software; e.g. Software Risk assessment. |
Transform | Translate | Change from one SPDX file format to another while preserving the same information. |
Transform | Merge | Multiple sources of documents can be merged together for analysis and audit purposes. |
Transform | Tool Integration | Support use in other tools by APIs, libraries. |
Source: This information has been reproduced from the NTIA SBOM Formats & Tooling Working Group publication as of March 30, 2021 at NTIA SBOM Tool Classification Taxonomy