The `bompare` tool can be used to compare generated bill-of-materials files
to identify differences between sources. Comparison is either between the
libraries identified by various sources, or on the licenses for the
libraries identified by all sources in the comparison. Outputs are CSV
files with a column per source.
It currently reads:
- (Internal) reference format (BOM only)
- WhiteSource inventory JSON export format
- BlackDuck report export ZIP and directory format
- SPDX tag-value format with purl package references
- JK1 Gradle license report JSON format
- Tern JSON format
- Maven 3rd party license report TXT format
- NPM license-checker CSV format
To allow license comparison, it automatically transforms official license titles to SPDX identifiers, and allows customized translations using an external CSV file.
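An illustration of the two comparison modes and the title-to-SPDX normalization described above, as an added Python example that is not bompare's own code. The scanner names, package URLs, translation table and CSV layout are constructed assumptions, not the tool's actual formats.

```python
import csv
import io

# Constructed sample BOMs: package URL -> license text as each source reported it.
SOURCES = {
    "scanner_a": {
        "pkg:npm/example-parser@2.1.0": "MIT License",
        "pkg:maven/com.example/core@1.4.2": "Apache License 2.0",
        "pkg:npm/example-only-a@0.3.0": "MIT License",
    },
    "scanner_b": {
        "pkg:npm/example-parser@2.1.0": "MIT",
        "pkg:maven/com.example/core@1.4.2": "GPL-3.0-only",
        "pkg:npm/example-only-b@1.0.0": "ISC",
    },
}
# Assumed translation table: official license title -> SPDX identifier.
TITLE_TO_SPDX = {"mit license": "MIT", "apache license 2.0": "Apache-2.0"}

def to_spdx(text):
    """Map a known title to its SPDX identifier; pass other values through."""
    return TITLE_TO_SPDX.get(text.strip().lower(), text.strip())

def compare_libraries(sources):
    """One row per library seen by any source, one presence column per source."""
    names = sorted(sources)
    purls = sorted(set().union(*(sources[n] for n in names)))
    rows = [[p] + ["yes" if p in sources[n] else "" for n in names] for p in purls]
    return [["package"] + names] + rows

def compare_licenses(sources):
    """One row per library seen by all sources, one license column per source."""
    names = sorted(sources)
    common = sorted(set.intersection(*(set(sources[n]) for n in names)))
    rows = [[p] + [to_spdx(sources[n][p]) for n in names] for p in common]
    return [["package"] + names] + rows

def license_conflicts(sources):
    """Libraries whose normalized license differs between sources."""
    return [r[0] for r in compare_licenses(sources)[1:] if len(set(r[1:])) > 1]

def to_csv(rows):
    buf = io.StringIO()
    csv.writer(buf, lineterminator="\n").writerows(rows)
    return buf.getvalue()

if __name__ == "__main__":
    print(to_csv(compare_libraries(SOURCES)))
    print(to_csv(compare_licenses(SOURCES)))
    print("license conflicts:", license_conflicts(SOURCES))
```

A library marked in only one column is one that a single scanner would have missed, and a conflict that survives normalization is one that needs manual license review.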
The executable is a multi-platform command line executable with built-in usage help. It should compile and run on OSX/Linux/Windows, but has been developed on OSX.
- Install Dart 2.12.0 (or newer) SDK according to the instructions.
  E.g.:
  - OSX (Mac) using brew: `brew tap dart-lang/dart` and then `brew install dart`
  - Windows using Chocolatey: `choco install dart-sdk`
  - With docker: `docker run -it --rm -v $(pwd):/work -w /work google/dart ./build.sh`
- Globally install the coverage helper tooling: `dart pub global activate coverage`.
- Install "lcov" coverage visualization tooling.
- Run `build.sh` to run all tests and build a native executable called `bompare`.
If the coverage tools are installed, the build results in an update of the coverage badge and a static web site with coverage details.