Last active December 8, 2025 08:24
Gist: viveksahu26/585b42cf954c4d366dd04b664641fef9
sbomqs score o/p
$ sbomqs dt \
    --url "${DEPENDENCY_TRACK_URL}/" \
    --api-key "${DEPENDENCY_TRACK_API_KEY}" \
    ${DEPENDENCY_TRACK_PROJECT_ID}
SBOM Quality Score: 5.1/10.0 Grade: D Components: 70 EngineVersion: 2 File: /tmp/tmpfile-80139997-35ed-41b6-bf30-e3f08ba6a7ab1391393063
Industry Profile Overviews:
+--------------------------------+----------+-------+
| PROFILE | SCORE | GRADE |
+--------------------------------+----------+-------+
| Interlynk | 5.0/10.0 | F |
+--------------------------------+----------+-------+
| NTIA Minimum Elements (2021) | 5.6/10.0 | D |
+--------------------------------+----------+-------+
| NTIA Minimum Elements (2025) - | 5.4/10.0 | D |
| RFC | | |
+--------------------------------+----------+-------+
| Framing Third Edition | 5.0/10.0 | F |
| Compliance | | |
+--------------------------------+----------+-------+
| BSI TR-03183-2 v1.1 | 5.0/10.0 | F |
+--------------------------------+----------+-------+
| OpenChain Telco v1.1 | 3.5/10.0 | F |
+--------------------------------+----------+-------+
Category Breakdown:
+----------------+--------+-----------+-------+
| CATEGORY | WEIGHT | SCORE | GRADE |
+----------------+--------+-----------+-------+
| Identification | 12.2% | 8.3/10.0 | B |
+----------------+--------+-----------+-------+
| Provenance | 14.6% | 5.5/10.0 | D |
+----------------+--------+-----------+-------+
| Integrity | 18.3% | 0.0/10.0 | F |
+----------------+--------+-----------+-------+
| Completeness | 14.6% | 3.5/10.0 | F |
+----------------+--------+-----------+-------+
| Licensing | 18.3% | 5.2/10.0 | D |
+----------------+--------+-----------+-------+
| Vulnerability | 12.2% | 6.8/10.0 | D |
+----------------+--------+-----------+-------+
| Structural | 9.8% | 10.0/10.0 | A |
+----------------+--------+-----------+-------+
Score Breakdown:
+------------------------+--------------------------------+---------------+-------------------------------------+
| CATEGORY | FEATURE | SCORE | DESC |
+------------------------+--------------------------------+---------------+-------------------------------------+
| Identification (12.2%) | comp_with_name (4.9%) | 10.0/10.0 | complete |
+ +--------------------------------+---------------+-------------------------------------+
| | comp_with_version (4.3%) | 5.1/10.0 | add to 34 components |
+ +--------------------------------+---------------+-------------------------------------+
| | comp_with_local_id (3.0%) | 10.0/10.0 | complete |
+------------------------+--------------------------------+---------------+-------------------------------------+
| Provenance (14.6%) | sbom_creation_timestamp (2.9%) | 10.0/10.0 | complete |
+ +--------------------------------+---------------+-------------------------------------+
| | sbom_authors (2.9%) | 0.0/10.0 | add author |
+ +--------------------------------+---------------+-------------------------------------+
| | sbom_tool_version (2.9%) | 10.0/10.0 | complete |
+ +--------------------------------+---------------+-------------------------------------+
| | sbom_supplier (2.2%) | 0.0/10.0 | add supplier |
+ +--------------------------------+---------------+-------------------------------------+
| | sbom_namespace (2.2%) | 10.0/10.0 | complete |
+ +--------------------------------+---------------+-------------------------------------+
| | sbom_lifecycle (1.5%) | 0.0/10.0 | add lifecycle |
+------------------------+--------------------------------+---------------+-------------------------------------+
| Integrity (18.3%) | comp_with_strong_checksums | 0.0/10.0 | add to 70 components |
| | (9.1%) | | |
+ +--------------------------------+---------------+-------------------------------------+
| | comp_with_weak_checksums | 0.0/10.0 | no checksums found |
| | (7.3%) | | |
+ +--------------------------------+---------------+-------------------------------------+
| | sbom_signature (1.8%) | 0.0/10.0 | add signature |
+------------------------+--------------------------------+---------------+-------------------------------------+
| Completeness (14.6%) | comp_with_dependencies (3.7%) | 0.0/10.0 | add to 70 components |
+ +--------------------------------+---------------+-------------------------------------+
| | sbom_completeness_declared | 0.0/10.0 | add completeness |
| | (2.2%) | | |
+ +--------------------------------+---------------+-------------------------------------+
| | sbom_primary_component (2.9%) | 10.0/10.0 | complete |
+ +--------------------------------+---------------+-------------------------------------+
| | comp_with_source_code (2.2%) | 0.0/10.0 | add to 70 components |
+ +--------------------------------+---------------+-------------------------------------+
| | comp_with_supplier (2.2%) | 0.0/10.0 | add to 70 components |
+ +--------------------------------+---------------+-------------------------------------+
| | comp_with_purpose (1.5%) | 10.0/10.0 | complete |
+------------------------+--------------------------------+---------------+-------------------------------------+
| Licensing (18.3%) | comp_with_licenses (3.7%) | 4.9/10.0 | add to 36 components |
+ +--------------------------------+---------------+-------------------------------------+
| | comp_with_valid_licenses | 4.7/10.0 | add to 37 components |
| | (3.7%) | | |
+ +--------------------------------+---------------+-------------------------------------+
| | comp_no_deprecated_licenses | 10.0/10.0 | complete |
| | (2.7%) | | |
+ +--------------------------------+---------------+-------------------------------------+
| | comp_no_restrictive_licenses | 9.1/10.0 | review 6 components |
| | (3.7%) | | |
+ +--------------------------------+---------------+-------------------------------------+
| | comp_with_declared_licenses | 0.0/10.0 | add to 70 components |
| | (2.7%) | | |
+ +--------------------------------+---------------+-------------------------------------+
| | sbom_data_license (1.8%) | 0.0/10.0 | add data license |
+------------------------+--------------------------------+---------------+-------------------------------------+
| Vulnerability (12.2%) | comp_with_purl (12.2% OR) | 5.0/10.0 | add to 35 components |
+ +--------------------------------+---------------+-------------------------------------+
| | comp_with_cpe (12.2% OR) | 8.6/10.0 | add to 10 components |
+------------------------+--------------------------------+---------------+-------------------------------------+
| Structural (9.8%) | sbom_spec_declared (2.9%) | 10.0/10.0 | cyclonedx |
+ +--------------------------------+---------------+-------------------------------------+
| | sbom_spec_version (2.9%) | 10.0/10.0 | v1.5 |
+ +--------------------------------+---------------+-------------------------------------+
| | sbom_file_format (2.0%) | 10.0/10.0 | json |
+ +--------------------------------+---------------+-------------------------------------+
| | sbom_schema_valid (2.0%) | 10.0/10.0 | complete |
+------------------------+--------------------------------+---------------+-------------------------------------+
| Component Quality | comp_eol_eos | Coming Soon.. | N/A |
+ +--------------------------------+---------------+-------------------------------------+
| | comp_malicious | Coming Soon.. | N/A |
+ +--------------------------------+---------------+-------------------------------------+
| | comp_vuln_sev_critical | Coming Soon.. | N/A |
+ +--------------------------------+---------------+-------------------------------------+
| | comp_kev | Coming Soon.. | N/A |
+ +--------------------------------+---------------+-------------------------------------+
| | comp_purl_valid | Coming Soon.. | N/A |
+ +--------------------------------+---------------+-------------------------------------+
| | comp_cpe_valid | Coming Soon.. | N/A |
+ +--------------------------------+---------------+-------------------------------------+
| | NOTE: Register Interest for | | https://forms.gle/WVoB3DrX9NKnzfhV8 |
| | Component Analysis | | |
+------------------------+--------------------------------+---------------+-------------------------------------+
Love to hear your feedback https://forms.gle/anFSspwrk7uSfD7Q6