Quality Score
5.9
SBOM File
1.4
| # | Semantic | Score: 3.3 | Learn More |
|---|---|---|---|
| 1 | SBOM includes all the required field specified by the specification |
10.0
|
- |
| 2 | Components of the SBOM include a license name |
0.0
|
|
| 3 | Components of the SBOM include a checksum value |
0.0
|
|
| # | NTIA-minimum-elements | Score: 7.1 | Learn More |
|---|---|---|---|
| 1 | Components of the SBOM include a name field |
10.0
|
- |
| 2 | SBOM includes a relationship among components |
0.0
|
|
| 3 | SBOM includes the name of the author(s) |
10.0
|
- |
| 4 | Components of the SBOM include a supplier name |
0.0
|
|
| 5 | SBOM includes the timestamp of its creation |
10.0
|
- |
| 6 | Components of the SBOM include a unique identifier |
10.0
|
- |
| 7 | Components of the SBOM include a version field |
10.0
|
- |
| # | Quality | Score: 4.3 | Learn More |
|---|---|---|---|
| 1 | Components of the SBOM include at least one vulnerability lookup identifier (CPE or PURL) |
10.0
|
- |
| 2 | Components of the SBOM include multiple vulnerability lookup identifiers (CPE and PURL) |
0.0
|
|
| 3 | SBOM includes creator tool and creator tool's version |
10.0
|
- |
| 4 | Components of the SBOM include a valid SPDX license |
0.0
|
|
| 5 | Compoents of the SBOM do not include any deprecated license |
0.0
|
|
| 6 | Components of the SBOM include value for its primary purpose |
10.0
|
- |
| 7 | Components of the SBOM do not include any restricted license |
0.0
|
|
| # | Sharing | Score: 0.0 | Learn More |
|---|---|---|---|
| 1 | SBOM file has an unencumbered license |
0.0
|
|
| # | Structural | Score: 10.0 | Learn More |
|---|---|---|---|
| 1 | SBOM file is successfully parsed |
10.0
|
- |
| 2 | SBOM file is in a supported specification: CycloneDX, SPDX |
10.0
|
- |
| 3 | SBOM file is in a supported version of the specification |
10.0
|
- |
| 4 | SBOM file is in a specification supported format |
10.0
|
- |