Skip to main content


Tool Classification

The tools listed in this Tools section use the following classifications to aid in their selection.


Category Type Description
Produce Build Document is automatically created as part of building an artifact and contains information about the build.
  Manual A person will manually fill in the information.
  Audit Tool A source code analysis or audit tool will generate the document by inspection of the artifact and any associated sources.
Consume View Be able to understand the contents in human readable form (picture, figures, tables, text.). Use  to support decision making & business processes.
  Diff Be able to compare two documents of a given formation and clearly see the differences.  For instance, comparing between two versions of a piece of software.
  Analyze Be able to import a document into software; e.g. Software Risk assessment.
Transform Translate Change from one SPDX file format to another while preserving the same information.
  Merge Multiple sources of documents can be merged together for analysis and audit purposes.
  Tool Integration Support use in other tools by APIs,  libraries.

Source: This information has been reproduced from the NTIA SBOM Formats & Tooling Working Group publication as of March 30, 2021 at NTIA SBOM Tool Classification Taxonomy