Hi
I have used the ncs-sbom utility to generate an SBOM for my project.
However, instead of the HTML output format I need to generate it in an FDA-recognized format like CycloneDX.
Is that possible somehow?
rgds Tage
Hello Tage,
Let me confirm internally and follow up with you. There is a holiday coming up, so unfortunately it might take a few days. My apologies for the inconvenience.
Regards,
Hieu
Hi Tage,
It seems that ncs-sbom can generate the report in SPDX output format. Notice this from running west ncs-sbom -h:
--output-spdx OUTPUT_SPDX Generate output SPDX report. (default: None)
I cannot find a direct reference from the FDA that says so, but from third-party sources, it seems that the FDA accepts SPDX. Could you please check this?
If CycloneDX is needed, it looks like there is a tool on the CycloneDX GitHub to convert SPDX format to CycloneDX. See: https://github.com/CycloneDX/cyclonedx-cli.
Regards,
Hieu
Please be informed that due to a short holiday, there will be some delays in our responses in the coming days. Our apologies for the inconvenience.
Hi Hieu,
Thank you for this input - and sorry it didn't occur to me to simply run west ncs-sbom -h.
SPDX is also an accepted format for FDA per my understanding, so I will try this out and review the results with our Security SME.
Thank you.
Regards Tage
Using parameter --output-spdx does not produce a JSON format that cyclonedx-cli expects
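
For the format mismatch reported in the last post, an added example (not from the thread, and not Nordic or CycloneDX project code): it checks which SPDX serialization a report uses and maps the packages of a tag-value report to a minimal CycloneDX 1.4 JSON document. It assumes the --output-spdx report is SPDX tag-value text; the sample data and function names are constructed, and multi-line <text> values are not handled.

```python
import json
import re

# Constructed sample in SPDX tag-value syntax; assumed shape, not real ncs-sbom output.
SAMPLE_SPDX = """\
SPDXVersion: SPDX-2.2
SPDXID: SPDXRef-DOCUMENT
PackageName: zephyr
SPDXID: SPDXRef-zephyr
PackageVersion: 3.2.99
PackageLicenseConcluded: Apache-2.0
PackageName: vendor-blob
SPDXID: SPDXRef-vendor-blob
PackageLicenseConcluded: NOASSERTION
FileName: ./src/main.c
SPDXID: SPDXRef-main-c
"""

# SPDX package tags copied straight into CycloneDX component fields.
FIELD_MAP = {"SPDXID": "bom-ref", "PackageVersion": "version"}

def detect_serialization(text):
    """Return 'spdx-json', 'spdx-tag-value' or 'unknown' for an SBOM file body."""
    stripped = text.lstrip()
    if stripped.startswith("{"):
        try:
            return "spdx-json" if "spdxVersion" in json.loads(stripped) else "unknown"
        except ValueError:
            return "unknown"
    return "spdx-tag-value" if re.search(r"^SPDXVersion:\s*SPDX-", text, re.M) else "unknown"

def tag_value_to_cyclonedx(text):
    """Map the PackageName sections of an SPDX tag-value document to CycloneDX JSON."""
    components, current = [], None
    for line in text.splitlines():
        tag, sep, value = line.partition(":")
        tag, value = tag.strip(), value.strip()
        if not sep or not value:
            continue
        if tag == "PackageName":                    # starts a new package section
            current = {"type": "library", "name": value}
            components.append(current)
        elif tag in ("FileName", "SnippetSPDXID"):  # file/snippet sections end the package
            current = None
        elif current is not None and tag in FIELD_MAP:
            current[FIELD_MAP[tag]] = value
        elif (current is not None and tag == "PackageLicenseConcluded"
              and value not in ("NOASSERTION", "NONE")):
            current["licenses"] = [{"expression": value}]
    return {"bomFormat": "CycloneDX", "specVersion": "1.4", "version": 1, "components": components}
```

Packages without a concluded license or version are emitted without those fields, so they stay visible for manual review instead of carrying placeholder values into the submitted SBOM.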