Skip to content

Comparator tool for evaluation of the output from multiple bill-of-material analyzers

License

Notifications You must be signed in to change notification settings

timovandeput/bompare

 
 

Repository files navigation

Bompare, a tool to compare the Software Bill-of-Materials from multiple sources

Usage

The bompare tool can be used to compare generated bill-of-materials files to identify differences between sources. Comparison is either between the libraries identified by various sources, or on the licenses for the libraries identified by all sources in the comparison. Outputs are CSV files with a column per source.

It currently reads:

To allow license comparison, it automatically transforms official license titles to SPDX identifiers, and allows customized translations using an external CSV file.

The executable is a multi-platform command line executable with built-in usage help. It should compile and run on OSX/Linux/Windows, but has been developed on OSX.

Building the executable

  1. Install Dart 2.12.0 (or newer) SDK according to the instructions. E.g.:
    • OSX (Mac) using brew: brew tap dart-lang/dart and then brew install dart
    • Windows using Chocolatey: choco install dart-sdk
    • With docker docker run -it --rm -v $(pwd):/work -w /work google/dart ./build.sh
  2. Globally install the coverage helper tooling: dart pub global activate coverage.
  3. Install "lcov" coverage visualization tooling.
  4. Run build.sh to run all tests and build a native executable called bompare.

If the coverage tools are installed, the build results in an update of the coverage badge and a static web site with coverage details.

About

Comparator tool for evaluation of the output from multiple bill-of-material analyzers

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Dart 99.5%
  • Shell 0.5%