DemaConsulting.SpdxTool 2.2.0

Prefix Reserved
dotnet tool install --global DemaConsulting.SpdxTool --version 2.2.0                
This package contains a .NET tool you can call from the shell/command line.
dotnet new tool-manifest # if you are setting up this repo
dotnet tool install --local DemaConsulting.SpdxTool --version 2.2.0                
This package contains a .NET tool you can call from the shell/command line.
#tool dotnet:?package=DemaConsulting.SpdxTool&version=2.2.0                
nuke :add-package DemaConsulting.SpdxTool --version 2.2.0                

SPDX Tool

GitHub forks GitHub Repo stars GitHub contributors GitHub Build Quality Gate Status Security Rating

Dotnet tool for manipulating SPDX SBOM files

Installation

The following will add SpdxTool to a Dotnet tool manifest file:

dotnet new tool-manifest # if you are setting up this repo
dotnet tool install --local DemaConsulting.SpdxTool

The tool can then be executed by:

dotnet spdx-tool <arguments>

Usage

The following shows the command-line usage of SpdxTool:

Usage: spdx-tool [options] <command> [arguments]

Options:
  -h, --help                               Show this help message and exit
  -v, --version                            Show version information and exit
  -l, --log <log-file>                     Log output to file
  -s, --silent                             Silence console output
  --validate                               Perform self-validation

Commands:
  help <command>                           Display extended help about a command
  add-package                              Add package to SPDX document (workflow only).
  add-relationship <spdx.json> <args>      Add relationship between elements.
  copy-package <spdx.json> <args>          Copy package between SPDX documents (workflow only).
  diagram <spdx.json> <mermaid.txt> [tools] Generate mermaid diagram.
  find-package <spdx.json> <criteria>      Find package ID in SPDX document
  get-version <spdx.json> <criteria>       Get the version of an SPDX package.
  hash <operation> <algorithm> <file>      Generate or verify hashes of files
  print <text>                             Print text to the console
  query <pattern> <program> [args]         Query program output for value
  rename-id <arguments>                    Rename an element ID in an SPDX document.
  run-workflow <workflow.yaml>             Runs the workflow file/url
  set-variable                             Set workflow variable (workflow only).
  to-markdown <spdx.json> <out.md> [args]  Create Markdown summary for SPDX document
  update-package                           Update package in SPDX document (workflow only).
  validate <spdx.json> [ntia]              Validate SPDX document for issues

A more detailed description of the usage can be found here

Workflow YAML Files

The SpdxTool can be driven using workflow yaml files of the following format:

# Workflow parameters
parameters:
  parameter-name: value

# Workflow steps
steps:
- command: <command-name>
  inputs:
    <arguments mapping>

- command: <command-name>
  inputs:
    input1: value
    input2: ${{ parameter-name }}

A more detailed description of workflow YAML files can be found here

Self Validation

Running self-validation produces a report containing the following information:

# DemaConsulting.SpdxTool

| Information         | Value                                              |
| :------------------ | :------------------------------------------------- |
| SpdxTool Version    | <version>                                         |
| Machine Name        | <machine-name>                                     |
| OS Version          | <os-version>                                       |
| DotNet Runtime      | <dotnet-runtime-version>                           |
| Time Stamp          | <timestamp>                                        |

Tests:

- AddPackage: Passed
- AddRelationship: Passed
- CopyPackage: Passed
- FindPackage: Passed
- GetVersion: Passed
- Query: Passed
- RenameId: Passed
- UpdatePackage: Passed

Validation Passed

On validation failure the tool will exit with a non-zero exit code.

This report may be useful in regulated industries requiring evidence of tool validation.

Additional Information

Additional information can be found at:

Product Compatible and additional computed target framework versions.
.NET net8.0 is compatible.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

This package has no dependencies.

Version Downloads Last updated
2.2.0 106 12/1/2024
2.1.1 140 10/9/2024
2.1.0 99 10/3/2024
2.0.0 156 9/13/2024
1.4.1 129 9/13/2024
1.4.0 134 7/29/2024
1.3.2 78 7/24/2024
1.3.1 126 7/22/2024
1.3.0 149 7/15/2024
1.2.0 180 7/10/2024
1.1.0 179 6/30/2024
1.0.0 137 6/24/2024
0.1.0-beta.1 58 6/24/2024
0.1.0-alpha.10 102 6/6/2024
0.1.0-alpha.9 66 6/6/2024
0.1.0-alpha.8 110 6/5/2024
0.1.0-alpha.7 63 6/3/2024
0.1.0-alpha.6 107 5/29/2024
0.1.0-alpha.5 102 5/27/2024
0.1.0-alpha.4 63 5/27/2024
0.1.0-alpha.3 70 5/25/2024
0.1.0-alpha.2 71 5/20/2024
0.1.0-alpha.1 69 5/19/2024