Description

Currently, the sbomqs score command does not provide feedback or suggestions for remediation when elements receive a low score or a score of 0.0. Including a separate column for remediation would greatly enhance the tool's usability by guiding users on how to improve their SBOM quality.
```
$ sbomqs score SPDXJSONExample-v2.3.spdx.json
SBOM Quality by Interlynk Score:8.7 components:1 SPDXJSONExample-v2.3.spdx.json
+-----------------------+--------------------------------+-----------+--------------------------------+
| CATEGORY              | FEATURE                        | SCORE     | DESC                           |
+-----------------------+--------------------------------+-----------+--------------------------------+
| NTIA-minimum-elements | comp_with_name                 | 10.0/10.0 | 1/1 have names                 |
+                       +--------------------------------+-----------+--------------------------------+
|                       | comp_with_supplier             | 10.0/10.0 | 1/1 have supplier names        |
+                       +--------------------------------+-----------+--------------------------------+
|                       | comp_with_uniq_ids             | 10.0/10.0 | 1/1 have unique ID's           |
+                       +--------------------------------+-----------+--------------------------------+
|                       | comp_with_version              | 10.0/10.0 | 1/1 have versions              |
+                       +--------------------------------+-----------+--------------------------------+
|                       | sbom_authors                   | 10.0/10.0 | doc has 3 authors              |
+                       +--------------------------------+-----------+--------------------------------+
|                       | sbom_creation_timestamp        | 10.0/10.0 | doc has creation timestamp     |
|                       |                                |           | 2010-01-29T18:30:22Z           |
+                       +--------------------------------+-----------+--------------------------------+
|                       | sbom_dependencies              | 10.0/10.0 | doc has 8 relationships        |
+-----------------------+--------------------------------+-----------+--------------------------------+
| Quality               | comp_valid_licenses            | 0.0/10.0  | 0/1 components with valid      |
|                       |                                |           | license                        |
+                       +--------------------------------+-----------+--------------------------------+
|                       | comp_with_any_vuln_lookup_id   | 10.0/10.0 | 1/1 components have any lookup |
|                       |                                |           | id                             |
+                       +--------------------------------+-----------+--------------------------------+
|                       | comp_with_deprecated_licenses  | 10.0/10.0 | 0/1 components have deprecated |
|                       |                                |           | licenses                       |
+                       +--------------------------------+-----------+--------------------------------+
|                       | comp_with_multi_vuln_lookup_id | 0.0/10.0  | 0/1 components have multiple   |
|                       |                                |           | lookup id                      |
+                       +--------------------------------+-----------+--------------------------------+
|                       | comp_with_primary_purpose      | 10.0/10.0 | 1/1 components have primary    |
|                       |                                |           | purpose specified              |
+                       +--------------------------------+-----------+--------------------------------+
|                       | comp_with_restrictive_licenses | 0.0/10.0  | 1/1 components have restricted |
|                       |                                |           | licenses                       |
+                       +--------------------------------+-----------+--------------------------------+
|                       | sbom_with_creator_and_version  | 10.0/10.0 | 1/1 tools have creator and     |
|                       |                                |           | version                        |
+                       +--------------------------------+-----------+--------------------------------+
|                       | sbom_with_primary_component    | 10.0/10.0 | primary component found        |
+-----------------------+--------------------------------+-----------+--------------------------------+
| Semantic              | comp_with_checksums            | 10.0/10.0 | 1/1 have checksums             |
+                       +--------------------------------+-----------+--------------------------------+
|                       | comp_with_licenses             | 10.0/10.0 | 1/1 have licenses              |
+                       +--------------------------------+-----------+--------------------------------+
|                       | sbom_required_fields           | 10.0/10.0 | Doc Fields:true Pkg            |
|                       |                                |           | Fields:true                    |
+-----------------------+--------------------------------+-----------+--------------------------------+
| Sharing               | sbom_sharable                  | 10.0/10.0 | doc has a sharable license     |
|                       |                                |           | free 1 :: of 1                 |
+-----------------------+--------------------------------+-----------+--------------------------------+
| Structural            | sbom_parsable                  | 10.0/10.0 | provided sbom is parsable      |
+                       +--------------------------------+-----------+--------------------------------+
|                       | sbom_spec                      | 10.0/10.0 | provided sbom is in a          |
|                       |                                |           | supported sbom format of       |
|                       |                                |           | spdx,cyclonedx                 |
+                       +--------------------------------+-----------+--------------------------------+
|                       | sbom_spec_file_format          | 10.0/10.0 | provided sbom should be in     |
|                       |                                |           | supported file format for      |
|                       |                                |           | spec: json and version:        |
|                       |                                |           | json,yaml,rdf,tag-value        |
+                       +--------------------------------+-----------+--------------------------------+
|                       | sbom_spec_version              | 10.0/10.0 | provided sbom should be in     |
|                       |                                |           | supported spec version for     |
|                       |                                |           | spec:SPDX-2.3 and versions:    |
|                       |                                |           | SPDX-2.1,SPDX-2.2,SPDX-2.3     |
+-----------------------+--------------------------------+-----------+--------------------------------+
```
Solution
Add a new column named "Remediation" to provide suggestions for improving scores.
For scores of 0.0 or low scores, include specific actionable steps to address the deficiencies.
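To make the proposal concrete, here is an added example (written for this page, not code from the sbomqs project) of what a remediation column could look like for the three Quality features that scored 0.0 above: comp_valid_licenses, comp_with_multi_vuln_lookup_id and comp_with_restrictive_licenses. It parses a constructed SPDX 2.3 JSON fragment, recomputes those three checks with its own simplified logic (the license allow/deny lists and the purl/CPE lookup-id rule are assumptions, not sbomqs's implementation), and emits a remediation string that names the offending packages whenever a feature scores below 10.0.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os"
	"strings"
	"text/tabwriter"
)

// Subset of the SPDX 2.3 JSON package object needed for the three checks below.
type spdxPackage struct {
	Name             string `json:"name"`
	LicenseConcluded string `json:"licenseConcluded"`
	LicenseDeclared  string `json:"licenseDeclared"`
	ExternalRefs     []struct {
		ReferenceType    string `json:"referenceType"`
		ReferenceLocator string `json:"referenceLocator"`
	} `json:"externalRefs"`
}

type spdxDoc struct {
	Packages []spdxPackage `json:"packages"`
}

// Finding is one table row: the existing score and description plus the proposed Remediation column.
type Finding struct {
	Feature     string
	Passed      int
	Total       int
	Score       float64
	Desc        string
	Remediation string
}

// Assumed allow/deny lists for this example only; a real tool would use the full SPDX license list.
var validLicenseIDs = map[string]bool{"MIT": true, "Apache-2.0": true, "BSD-3-Clause": true, "GPL-3.0-only": true}
var restrictiveLicenseIDs = map[string]bool{"GPL-3.0-only": true}

// licenseIDs returns the identifiers in an SPDX expression such as "(MIT OR GPL-3.0-only)".
func licenseIDs(expr string) []string {
	var ids []string
	for _, tok := range strings.Fields(strings.NewReplacer("(", " ", ")", " ").Replace(expr)) {
		if tok == "AND" || tok == "OR" || tok == "WITH" || tok == "NOASSERTION" || tok == "NONE" {
			continue
		}
		ids = append(ids, tok)
	}
	return ids
}

// effectiveLicense prefers licenseConcluded and falls back to licenseDeclared.
func effectiveLicense(p spdxPackage) []string {
	if ids := licenseIDs(p.LicenseConcluded); len(ids) > 0 {
		return ids
	}
	return licenseIDs(p.LicenseDeclared)
}

func hasValidLicense(p spdxPackage) bool {
	ids := effectiveLicense(p)
	if len(ids) == 0 {
		return false
	}
	for _, id := range ids {
		if !validLicenseIDs[id] {
			return false
		}
	}
	return true
}

func hasRestrictiveLicense(p spdxPackage) bool {
	for _, id := range effectiveLicense(p) {
		if restrictiveLicenseIDs[id] {
			return true
		}
	}
	return false
}

// lookupIDKinds counts distinct vulnerability lookup identifier types (purl, CPE 2.2, CPE 2.3).
func lookupIDKinds(p spdxPackage) int {
	kinds := map[string]bool{}
	for _, r := range p.ExternalRefs {
		switch r.ReferenceType {
		case "purl", "cpe22Type", "cpe23Type":
			kinds[r.ReferenceType] = true
		}
	}
	return len(kinds)
}

// check scores one feature and, below 10.0, lists the failing packages after the fix text.
func check(feature string, doc spdxDoc, ok func(spdxPackage) bool, fix string) Finding {
	f := Finding{Feature: feature, Total: len(doc.Packages)}
	var offenders []string
	for _, p := range doc.Packages {
		if ok(p) {
			f.Passed++
		} else {
			offenders = append(offenders, p.Name)
		}
	}
	if f.Total > 0 {
		f.Score = 10 * float64(f.Passed) / float64(f.Total)
	}
	if f.Score < 10 {
		f.Remediation = fix + ": " + strings.Join(offenders, ", ")
	}
	return f
}

// Score recomputes the three zero-scoring Quality features from the issue, with remediation attached.
func Score(doc spdxDoc) []Finding {
	valid := check("comp_valid_licenses", doc, hasValidLicense,
		"Set licenseConcluded or licenseDeclared to a valid SPDX license expression (https://spdx.org/licenses/) for")
	valid.Desc = fmt.Sprintf("%d/%d components with valid license", valid.Passed, valid.Total)
	multi := check("comp_with_multi_vuln_lookup_id", doc, func(p spdxPackage) bool { return lookupIDKinds(p) > 1 },
		"Add a second lookup identifier (purl plus a CPE) under externalRefs for")
	multi.Desc = fmt.Sprintf("%d/%d components have multiple lookup id", multi.Passed, multi.Total)
	restr := check("comp_with_restrictive_licenses", doc, func(p spdxPackage) bool { return !hasRestrictiveLicense(p) },
		"Review the copyleft obligations or replace the component for")
	restr.Desc = fmt.Sprintf("%d/%d components have restricted licenses", restr.Total-restr.Passed, restr.Total)
	return []Finding{valid, multi, restr}
}

func ScoreJSON(data []byte) ([]Finding, error) {
	var doc spdxDoc
	if err := json.Unmarshal(data, &doc); err != nil {
		return nil, err
	}
	return Score(doc), nil
}

// RenderTable prints the findings with the proposed REMEDIATION column.
func RenderTable(findings []Finding) string {
	var sb strings.Builder
	w := tabwriter.NewWriter(&sb, 0, 0, 2, ' ', 0)
	fmt.Fprintln(w, "FEATURE\tSCORE\tDESC\tREMEDIATION")
	for _, f := range findings {
		fmt.Fprintf(w, "%s\t%.1f/10.0\t%s\t%s\n", f.Feature, f.Score, f.Desc, f.Remediation)
	}
	w.Flush()
	return sb.String()
}

// sampleSPDX is a constructed SPDX 2.3 fragment for this example, not a real project's SBOM.
const sampleSPDX = `{"spdxVersion": "SPDX-2.3", "packages": [
  {"name": "libfoo", "licenseConcluded": "MIT", "externalRefs": [
    {"referenceType": "purl", "referenceLocator": "pkg:generic/libfoo@1.2.3"},
    {"referenceType": "cpe23Type", "referenceLocator": "cpe:2.3:a:example:libfoo:1.2.3:*:*:*:*:*:*:*"}]},
  {"name": "libbar", "licenseConcluded": "NOASSERTION", "licenseDeclared": "GPL-3.0-only", "externalRefs": [
    {"referenceType": "purl", "referenceLocator": "pkg:generic/libbar@0.9"}]},
  {"name": "libbaz", "licenseConcluded": "NOASSERTION", "licenseDeclared": "LicenseRef-custom"}]}`

func main() {
	findings, err := ScoreJSON([]byte(sampleSPDX))
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	fmt.Print(RenderTable(findings))
}
```

Naming the failing packages in the remediation text is what makes the column actionable: a user with hundreds of components cannot act on "0/1 components with valid license" alone, but can act on a list of the package names whose license expression is NOASSERTION or a LicenseRef that the tool does not recognise.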