sbom-tools 0.1.19

Semantic SBOM diff and analysis tool
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47

//! SBOM Quality Score module.
//!
//! Provides comprehensive quality assessment for SBOMs based on completeness,
//! compliance, and best practices. Supports different scoring profiles for
//! various use cases.
//!
//! # Features
//!
//! - **Completeness scoring**: Measures how many recommended fields are populated
//! - **Compliance checking**: Validates against format requirements (CycloneDX/SPDX)
//! - **Best practice validation**: Checks for PURLs, licensing, supplier info, etc.
//! - **Actionable recommendations**: Provides specific improvement suggestions
//!
//! # Usage
//!
//! ```no_run
//! use sbom_tools::quality::{QualityScorer, ScoringProfile};
//! use sbom_tools::parsers::parse_sbom;
//! use std::path::Path;
//!
//! let sbom = parse_sbom(Path::new("sbom.json")).unwrap();
//! let scorer = QualityScorer::new(ScoringProfile::Standard);
//! let report = scorer.score(&sbom);
//!
//! println!("Overall score: {}/100", report.overall_score);
//! for rec in report.recommendations {
//!     println!("- {}: {}", rec.category.name(), rec.message);
//! }
//! ```

mod compliance;
mod metrics;
mod scorer;

pub use compliance::{
    ComplianceChecker, ComplianceLevel, ComplianceResult, Violation, ViolationCategory,
    ViolationSeverity,
};
pub use metrics::{
    AuditabilityMetrics, CompletenessMetrics, ComplexityFactors, ComplexityLevel,
    CryptographyMetrics, DependencyMetrics, HashQualityMetrics, IdentifierMetrics, LicenseMetrics,
    LifecycleMetrics, ProvenanceMetrics, VulnerabilityMetrics,
};
pub use scorer::{
    QualityGrade, QualityReport, QualityScorer, Recommendation, RecommendationCategory,
    SCORING_ENGINE_VERSION, ScoringProfile,
};