{"id":20617824,"url":"https://github.com/cyclonedx/sbom-comparator","last_synced_at":"2025-05-10T03:32:55.441Z","repository":{"id":48892327,"uuid":"369260043","full_name":"CycloneDX/sbom-comparator","owner":"CycloneDX","description":"Lockheed Martin developed utility to compare two CycloneDX SBOMs","archived":false,"fork":false,"pushed_at":"2021-10-21T04:12:06.000Z","size":1078,"stargazers_count":14,"open_issues_count":1,"forks_count":1,"subscribers_count":4,"default_branch":"main","last_synced_at":"2023-04-10T18:32:04.820Z","etag":null,"topics":["bill-of-materials","bom","cyclonedx","owasp","sbom","software-bill-of-materials"],"latest_commit_sha":null,"homepage":"https://cyclonedx.org/","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/CycloneDX.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-05-20T15:45:40.000Z","updated_at":"2023-04-03T20:55:37.000Z","dependencies_parsed_at":"2022-09-17T04:30:20.495Z","dependency_job_id":null,"html_url":"https://github.com/CycloneDX/sbom-comparator","commit_stats":null,"previous_names":[],"tags_count":null,"template":null,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CycloneDX%2Fsbom-comparator","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CycloneDX%2Fsbom-comparator/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CycloneDX%2Fsbom-comparator/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CycloneDX%2Fsbom-comparator/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/CycloneDX","download_
url":"https://codeload.github.com/CycloneDX/sbom-comparator/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":224911873,"owners_count":17390844,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bill-of-materials","bom","cyclonedx","owasp","sbom","software-bill-of-materials"],"created_at":"2024-11-16T12:06:07.726Z","updated_at":"2024-11-16T12:06:08.405Z","avatar_url":"https://github.com/CycloneDX.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# sbom-comparator\nLockheed Martin developed utility to compare two SBOMs\n\nThe SBomComparator is used to compare two Software Bills of Materials (SBOMs), commonly known as SBoms or Boms.  \nIt uses the CycloneDX schema, and can consume SBoms in either JSON or XML, and produce a difference report in either JSON or XML. \nThe difference report can be viewed as an HTML display which is automatically generated. \n\n## Prerequisites\n- OpenJDK 11\n- Apache Maven 3.6.3 or greater installed \n- (Recommended) Java IDE Eclipse with Subclipse 4.3.0 plug-in\n- Two Software Bills of Materials.\n\n## Usage:\n\n### Build the artifact via Maven.\n### Maven Command\nmvn clean package\n\n### Run\nTo run as a standalone Java application, you can look at the \"example.sh\" shell script for an example.\nYou can also use the provided \"compare.sh\" script as a pass-through to the jar.  It assumes all the basic settings.\n\n### Help is available.   
\n\u003cpre\u003e\n./compare.sh -h\n\u003c/pre\u003e\n\n### Help Output shows options for running the SBomComparator application.\n\u003cpre\u003e\nusage: help\n    -f,     --format        \u0026lt;arg\u0026gt; (Optional) output file format, Valid values json, xml.  Default is xml\n    -f1,    --orgsbom       \u0026lt;arg\u0026gt; original SBom file\n    -f2,    --newsbom       \u0026lt;arg\u0026gt; new SBom file\n    -h,     --help            will print out the command line options.\n    -o,     --output        \u0026lt;arg\u0026gt; (Optional) output file name, default is diff.json or diff.xml\n    -ob,    --outputBomFile \u0026lt;arg\u0026gt; (Optional) output file of the diff bom,  default is diffBom.xml\n    -t,     --htmloutput    \u0026lt;arg\u0026gt; (Optional) output html file name, default name is sbomcompared\n\u003c/pre\u003e\n\n### Running SBomComparator.\n\n./compare.sh -f1 ./test/OrgSbom.xml -f2 ./test/ModifiedSbom.xml -o ./test/output -f xml -t ./test/output -ob ./test/newBom\n\n# API:\n## You can also pull in the API and run it inside your application.\n### To read in a CycloneDX bom.xml or bom.json file.\n\u003cpre\u003e\nBom bom = SBomFileUtils.processFile(new File(fileName));\n\u003c/pre\u003e\n\n### To compare two SBoms.\n\u003cpre\u003e\nSBomDiff diff = SBomCompareUtils.compareComponents(originalBom, newBom);\n\u003c/pre\u003e\n\n### Difference Report HTML\nThe Difference Report automatically generates a graphical display. 
If the user does not give a location with \"-t\", the file will be created at the root of the project with the name \"sbomcompared.html\".\n\n## Sample HTML output\n\n![](htmlexample.png)\n\n## License\n[licenses](./LICENSE)\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcyclonedx%2Fsbom-comparator","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcyclonedx%2Fsbom-comparator","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcyclonedx%2Fsbom-comparator/lists"}