{"id":25953528,"url":"https://github.com/shiftleftcyber/sbom-validator","last_synced_at":"2025-10-19T09:52:28.551Z","repository":{"id":280621574,"uuid":"942349386","full_name":"shiftleftcyber/sbom-validator","owner":"shiftleftcyber","description":"A lightweight Go library for validating Software Bill of Materials (SBOM) against industry-standard specifications","archived":false,"fork":false,"pushed_at":"2025-03-04T11:48:12.000Z","size":310,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-04T12:29:05.120Z","etag":null,"topics":["bill-of-materials","bom","cyclonedx","cyclonedx-sbom","go-module","golang","sbom","sbom-tool","sbom-tools","software-bill-of-materials","spdx","spdx-sbom","supply-chain","supply-chain-security","vex"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/shiftleftcyber.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-03-04T01:12:52.000Z","updated_at":"2025-03-04T11:48:15.000Z","dependencies_parsed_at":"2025-03-04T12:40:32.587Z","dependency_job_id":null,"html_url":"https://github.com/shiftleftcyber/sbom-validator","commit_stats":null,"previous_names":["shiftleftcyber/sbom-validator"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shiftleftcyber%2Fsbom-validator","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shiftleftcyber%2Fsbom-validator/tags","releases_url":"https
://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shiftleftcyber%2Fsbom-validator/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shiftleftcyber%2Fsbom-validator/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/shiftleftcyber","download_url":"https://codeload.github.com/shiftleftcyber/sbom-validator/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":241871420,"owners_count":20034462,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bill-of-materials","bom","cyclonedx","cyclonedx-sbom","go-module","golang","sbom","sbom-tool","sbom-tools","software-bill-of-materials","spdx","spdx-sbom","supply-chain","supply-chain-security","vex"],"created_at":"2025-03-04T15:29:07.598Z","updated_at":"2025-10-19T09:52:28.546Z","avatar_url":"https://github.com/shiftleftcyber.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ShiftSBOM Validator\n\n[![Go Reference](https://pkg.go.dev/badge/github.com/shiftleftcyber/sbom-validator.svg)](https://pkg.go.dev/github.com/shiftleftcyber/sbom-validator)\n[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](LICENSE)\n[![Go Report Card](https://goreportcard.com/badge/github.com/shiftleftcyber/sbom-validator)](https://goreportcard.com/report/github.com/shiftleftcyber/sbom-validator)\n![GitHub release (latest by date)](https://img.shields.io/github/v/release/shiftleftcyber/sbom-validator)\n\n\n## Overview\n\n**sbom-validator** is a Go library designed to validate\n**Software 
Bill of Materials (SBOMs)** against the official\nSBOM specifications. It ensures compliance with formats like\n**CycloneDX** \u0026 **SPDX** and helps maintain software supply chain security.\n\n## Features\n\n✅ Detects SBOM type (e.g., CycloneDX, SPDX)\n\n✅ Extracts SBOM version\n\n✅ Validates SBOM against official schemas\n\n✅ Provides detailed validation errors\n\n## Installation\n\nUse `go get` to install the package:\n\n```sh\ngo get github.com/shiftleftcyber/sbom-validator\n```\n\n## Usage\n\n```go\n\npackage main\n\nimport (\n    \"flag\"\n    \"fmt\"\n    \"log\"\n    \"os\"\n\n    \"github.com/shiftleftcyber/sbom-validator\"\n)\n\nfunc main() {\n\n    sbomPath := flag.String(\"file\", \"\", \"Path to the SBOM JSON file\")\n    flag.Parse()\n\n    // Ensure the file path is provided\n    if *sbomPath == \"\" {\n        log.Fatal(\"Usage: go run main.go -file=\u003cpath-to-sbom.json\u003e\")\n    }\n\n    // Read SBOM file\n    jsonData, err := os.ReadFile(*sbomPath)\n    if err != nil {\n        log.Fatalf(\"Failed to read SBOM file: %v\", err)\n    }\n\n    // Validate the SBOM; validationErrors holds the details when isValid is false\n    isValid, validationErrors, err := sbomvalidator.ValidateSBOMData(jsonData)\n    if err != nil {\n        log.Fatalf(\"Error during validation - %v\", err)\n    }\n\n    if isValid {\n        fmt.Println(\"SBOM is valid\")\n    } else {\n        fmt.Printf(\"Validation failed! Showing up to %d errors:\\n\", 10)\n\n        for i, errMsg := range validationErrors {\n            if i \u003e= 10 {\n                fmt.Printf(\"...and %d more errors.\\n\", len(validationErrors)-10)\n                break\n            }\n            fmt.Printf(\"- %s\\n\", errMsg)\n        }\n    }\n}\n```\n\n## Running Tests\n\n```sh\ngo test ./...\n```\n\nor you can use the included Makefile\n\n```sh\nmake test\n```\n\n## License\n\nThis project is licensed under the MIT License.\n\n## Contributing\n\nContributions are welcome! 
Please open an issue or submit a pull request.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fshiftleftcyber%2Fsbom-validator","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fshiftleftcyber%2Fsbom-validator","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fshiftleftcyber%2Fsbom-validator/lists"}