Commit 7d4b645

Merge pull request #21 from interlynk-io/doc/update-readme
Update README.md
2 parents 8724a70 + 4f46189 commit 7d4b645

1 file changed: +9 -3 lines changed

README.md

Lines changed: 9 additions & 3 deletions
@@ -1,12 +1,18 @@
11
## Overview
22

33
### What is SBOM quality score
4-
A quality SBOM is one that is accurate, complete, and up-to-date. It should accurately reflect the components and dependencies used in the software application, including their version and optionally any known vulnerabilities. In addition, it should be easily accessible to and understandable by stakeholders, such as developers, security teams, and compliance officers.
4+
A quality SBOM is one that is accurate, complete, and up-to-date. It should accurately reflect the components and dependencies used in the underlying product, including their versions and optionally all known vulnerabilities. In addition, it should be easily accessible to; and understandable by stakeholders - such as developers, security teams, and compliance officers.
55

6-
[Interlyk.io](mailto:hello@interlynk.io) has developed sbomqs to simplify the evaluation of SBOM quality for both producers and consumers. A higher score indicates greater usability of the SBOM contents.
6+
[Interlyk.io](mailto:hello@interlynk.io) has developed sbomqs to simplify the evaluation of SBOM quality for all stakholders. A higher `sbomqs` score indicates greater usability of the SBOM contents.
7+
8+
`sbomqs` evaluates SBOM against the set of rquirements recommeneded by [NTIA Minimum Elements](https://www.ntia.doc.gov/files/ntia/publications/sbom_minimum_elements_report.pdf) and improved by [OWASP Software Component Verification Standard](https://scvs.owasp.org/) (Work in progress) and in the future the tool will continue to align with related community and regulatory requirements.
9+
10+
The output format is inspired by [OpenSSF Security Scorecard](https://securityscorecards.dev/).
711

812
### SBOM Support
9-
We support SPDX and CycloneDX sbom standards, in various file formats.
13+
We support SPDX and CycloneDX sbom standards, in supported file formats:
14+
- CycloneDX: JSON, XML
15+
- SPDX: JSON, YAML, RDF, tag-value
1016

1117
### Installation
1218
Use the steps below to try out the tool.
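
Review bot: Added lines 6 and 8 introduce spelling errors into the README's opening description: "stakholders" should be "stakeholders", and "rquirements recommeneded" should be "requirements recommended". On added line 4, "accessible to; and understandable by stakeholders - such as" carries a stray semicolon; "accessible to and understandable by stakeholders, such as" reads cleanly. The link text "Interlyk.io" is carried over from the removed line and does not match the interlynk-io name in the merge message, so it is worth correcting while line 6 is being touched. On added line 8, "(Work in progress)" is ambiguous: it can be read as qualifying the OWASP SCVS standard itself or the tool's coverage of it, and anyone relying on the score needs to know which requirement set is evaluated today, so state that explicitly (and "evaluates SBOM against" wants an article or a plural). Added line 13, "We support SPDX and CycloneDX sbom standards, in supported file formats:", is circular; "in the following file formats:" says the same thing, and "sbom" should be capitalised to match the rest of the section.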
