[Tool Request]: Add OpenChain Telco SBOM validator

[CsatariGergely]

Tool or Product name

OpenChain Telco SBOM Validator

Open Source or Proprietary

open source

Company or Organization name

OpenChain

Organization or Company Logo Usage

• Already a member of SPDX
• Permission to use logo as an SPDX supporter (required if not a member)

Public Contact Email or URL

https://github.com/OpenChain-Project/Telco-WG/tree/main/tools/openchain_telco_sbom_validator

Product or tool website

https://github.com/OpenChain-Project/Telco-WG/tree/main/tools/openchain_telco_sbom_validator

Description

A tool to validate SBOMs against version 1.0 of the OpenChain Telco SBOM Guide.

SBOM tool category

• Produce(Build)
• Produce(Analyze)
• Produce(Edit)
• Consume(View)
• Consume(Diff)
• Consume(Import)
• Transform(Translate)
• Transform(Merge)
• Transform(Tool Support)

SPDX Versions supported

• 2.0
• 2.1
• 2.2
• 2.3
• 3.0 In Progress
• 3.0

SPDX verification

As part of the OpenChain Telco spec validation the tool also verifies the basic SPDX szntax using the SPDX tools-python library.

How to procure

This is an open source project.

Installation instructions

pip3 install openchain-telco-sbom-validator

Link to quick start guide

https://github.com/OpenChain-Project/Telco-WG/blob/main/tools/openchain_telco_sbom_validator/README.md

Link to logo

No response

[podence]

I continue to have a conflict during the weekly meeting time. On the website Posted a link to a podcast w/Kate/Gary Received an update to tool which I quickly implemented Over the weekend received a new tool input which I will get to later From: Gergely Csatari ***@***.***> Date: Saturday, February 1, 2025 at 5:49 AM To: spdx/outreach ***@***.***> Cc: Subscribed ***@***.***> Subject: [spdx/outreach] [Tool Request]: Add OpenChain Telco SBOM validator (Issue #96) **This email was sent to a @synopsys.com address and forwarded to @blackduck.com. Please inform the sender of your new Black Duck email address.** Tool or Product name OpenChain Telco SBOM Validator Open Source or Proprietary open source Company or Organization name OpenChain Organization or Company Logo Usage Already a member of SPDX Permission to use logo as an SPDX supporter (required ZjQcmQRYFpfptBannerStart This Message Is From an External Sender Do not click links or open attachments unless you recognize the sender and know the content is safe. ZjQcmQRYFpfptBannerEnd Tool or Product name OpenChain Telco SBOM Validator Open Source or Proprietary open source Company or Organization name OpenChain Organization or Company Logo Usage * Already a member of SPDX * Permission to use logo as an SPDX supporter (required if not a member) Public Contact Email or URL https://github.com/OpenChain-Project/Telco-WG/tree/main/tools/openchain_telco_sbom_validator<https://urldefense.com/v3/__https:/github.com/OpenChain-Project/Telco-WG/tree/main/tools/openchain_telco_sbom_validator__;!!A4F2R9G_pg!Y_1n3MO6TwXvTpMMQKI3QMDXaBX4J3shcvxFteJekLSb3aU-zSnzOyOIV_ivcDZinwoaZSVBjESZk28pXVwT43OS5XdUsP1S$> Product or tool website https://github.com/OpenChain-Project/Telco-WG/tree/main/tools/openchain_telco_sbom_validator<https://urldefense.com/v3/__https:/github.com/OpenChain-Project/Telco-WG/tree/main/tools/openchain_telco_sbom_validator__;!!A4F2R9G_pg!Y_1n3MO6TwXvTpMMQKI3QMDXaBX4J3shcvxFteJekLSb3aU-zSnzOyOIV_ivcDZinwoaZSVBjESZk28pXVwT43OS5XdUsP1S$> Description A tool to validate SBOMs against version 1.0 of the OpenChain Telco SBOM Guide<https://urldefense.com/v3/__https:/github.com/OpenChain-Project/Telco-WG/blob/main/OpenChain-Telco-SBOM-Guide_EN.md__;!!A4F2R9G_pg!Y_1n3MO6TwXvTpMMQKI3QMDXaBX4J3shcvxFteJekLSb3aU-zSnzOyOIV_ivcDZinwoaZSVBjESZk28pXVwT43OS5UbV0sTF$>. SBOM tool category * Produce(Build) * Produce(Analyze) * Produce(Edit) * Consume(View) * Consume(Diff) * Consume(Import) * Transform(Translate) * Transform(Merge) * Transform(Tool Support) SPDX Versions supported * 2.0 * 2.1 * 2.2 * 2.3 * 3.0 In Progress * 3.0 SPDX verification As part of the OpenChain Telco spec validation the tool also verifies the basic SPDX szntax using the SPDX tools-python library<https://urldefense.com/v3/__https:/github.com/spdx/tools-python__;!!A4F2R9G_pg!Y_1n3MO6TwXvTpMMQKI3QMDXaBX4J3shcvxFteJekLSb3aU-zSnzOyOIV_ivcDZinwoaZSVBjESZk28pXVwT43OS5d7vJomU$>. How to procure This is an open source project. Installation instructions pip3 install openchain-telco-sbom-validator Link to quick start guide https://github.com/OpenChain-Project/Telco-WG/blob/main/tools/openchain_telco_sbom_validator/README.md<https://urldefense.com/v3/__https:/github.com/OpenChain-Project/Telco-WG/blob/main/tools/openchain_telco_sbom_validator/README.md__;!!A4F2R9G_pg!Y_1n3MO6TwXvTpMMQKI3QMDXaBX4J3shcvxFteJekLSb3aU-zSnzOyOIV_ivcDZinwoaZSVBjESZk28pXVwT43OS5XXHkHaZ$> Link to logo No response — Reply to this email directly, view it on GitHub<https://urldefense.com/v3/__https:/github.com/spdx/outreach/issues/96__;!!A4F2R9G_pg!Y_1n3MO6TwXvTpMMQKI3QMDXaBX4J3shcvxFteJekLSb3aU-zSnzOyOIV_ivcDZinwoaZSVBjESZk28pXVwT43OS5eNSDMpd$>, or unsubscribe<https://urldefense.com/v3/__https:/github.com/notifications/unsubscribe-auth/ABBJS4KEYWJKFHWVCWOU5TD2NSRBXAVCNFSM6AAAAABWJFI2ZOVHI2DSMVQWIX3LMV43ASLTON2WKOZSHAZDKMJTHAYDSOI__;!!A4F2R9G_pg!Y_1n3MO6TwXvTpMMQKI3QMDXaBX4J3shcvxFteJekLSb3aU-zSnzOyOIV_ivcDZinwoaZSVBjESZk28pXVwT43OS5Z721iJz$>. You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>

[podence]

There was already a listing but I updated with the new/latest info.
Please validate a couple of judgment calls on my part.
Old listing had indicated support for 2.2 and 2.3. New form listed only 2.3, so I removed 2.2.
New form no SPDX tool category so I kept the old consume/view.