Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Question #220

Closed
ha0lyu opened this issue Nov 30, 2023 · 2 comments
Closed

Question #220

ha0lyu opened this issue Nov 30, 2023 · 2 comments

Comments

@ha0lyu
Copy link

ha0lyu commented Nov 30, 2023

Hello, I want to know whether this tool can generate SBOM by analyzing Java project files (binary or source code) or other files, if it could generate SBOM, what formats does it support?
Maybe, the tool is made for consume SPDX SBOM?
I will appreciate it very much if you could answer my questions.
@goneall
Copy link
Member

goneall commented Nov 30, 2023

Hi @Donkey-Hao - This project is designed to be a library used by any tool which generates or consumes SPDX document - it isn't really a standalone application. It supports SPDX version 2.0 and later formats (2.0, 2.1, 2.2 and 2.3).

There is a general utility tools-java which is a command line tool to help manage SPDX documents - but it doesn't do any analysis or scanning itself.

If you're looking for a scanning solution, check out the SPDX tools page for a list of open source and commercial tools which support the SPDX format.

@ha0lyu
Copy link
Author

ha0lyu commented Dec 5, 2023

I understand, Thanks for ur help. @goneall

@ha0lyu ha0lyu closed this as completed Dec 5, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@goneall @ha0lyu