
Comparator tool for evaluation of the output from multiple bill-of-material analyzers

Primary language: Dart. License: MIT.

Bompare, a tool to compare the Software Bill-of-Materials from multiple sources

Usage

The bompare tool can be used to compare generated bill-of-materials files to identify differences between sources. Comparison is either between the libraries identified by various sources, or on the licenses for the libraries identified by all sources in the comparison. Outputs are CSV files with a column per source.

It currently reads:

To allow license comparison, it automatically transforms official license titles to SPDX identifiers, and allows customized translations using an external CSV file.
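The two comparison modes and the effect of a custom translation, sketched in Python as an added example (not bompare's own code, which is written in Dart). The source names, sample BOM entries, override CSV layout, output column layout and all function names are assumptions made for illustration.

```python
import csv
import io

# Constructed built-in table: license title (lower-cased) -> SPDX identifier.
SPDX_TITLES = {"mit license": "MIT", "apache license 2.0": "Apache-2.0"}

def load_overrides(csv_text):
    """Parse custom 'title,spdx' CSV rows (hypothetical layout) into a lookup."""
    rows = csv.reader(io.StringIO(csv_text))
    return {r[0].strip().lower(): r[1].strip() for r in rows if len(r) == 2}

def to_spdx(title, overrides):
    """Custom translations win over the built-in table; unknown titles pass through."""
    key = title.strip().lower()
    return overrides.get(key) or SPDX_TITLES.get(key) or title.strip()

def library_diff(boms):
    """Libraries missed by at least one source, with a yes/no cell per source."""
    sources = sorted(boms)
    libs = sorted(set().union(*boms.values()))
    rows = [[lib] + ["yes" if lib in boms[s] else "no" for s in sources] for lib in libs]
    return [r for r in rows if "no" in r[1:]]

def license_diff(boms, overrides):
    """Libraries reported by every source whose normalized licenses disagree."""
    sources = sorted(boms)
    common = sorted(set.intersection(*(set(b) for b in boms.values())))
    rows = [[lib] + [to_spdx(boms[s][lib], overrides) for s in sources] for lib in common]
    return [r for r in rows if len(set(r[1:])) > 1]

def to_csv(boms, rows):
    """Render rows as CSV with one column per source."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(["library"] + sorted(boms))
    writer.writerows(rows)
    return out.getvalue()

# Constructed sample input: source -> {library@version: license title as reported}.
BOMS = {
    "scanner_a": {"left-pad@1.3.0": "MIT License", "lodash@4.17.21": "MIT",
                  "zlib@1.3.1": "Zlib", "yaml@2.3.4": "ISC"},
    "scanner_b": {"left-pad@1.3.0": "MIT", "lodash@4.17.21": "Expat",
                  "zlib@1.3.1": "Apache License 2.0", "openssl@3.0.13": "Apache-2.0"},
}
OVERRIDES = load_overrides("Expat,MIT\n")

if __name__ == "__main__":
    print(to_csv(BOMS, library_diff(BOMS)))
    print(to_csv(BOMS, license_diff(BOMS, OVERRIDES)))
```

Without the override row, lodash shows up as a license disagreement (MIT vs. Expat) even though both sources mean the same license; with it, only the zlib mismatch remains.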

The executable is a multi-platform command line executable with built-in usage help. It should compile and run on OSX/Linux/Windows, but has been developed on OSX.

Building the executable

  1. Install the Dart 2.12.0 (or newer) SDK according to the instructions, e.g.:
    • OSX (Mac) using brew: brew tap dart-lang/dart and then brew install dart
    • Windows using Chocolatey: choco install dart-sdk
    • With Docker: docker run -it --rm -v $(pwd):/work -w /work google/dart ./build.sh
  2. Globally install the coverage helper tooling: dart pub global activate coverage.
  3. Globally install the flutter_coverage_badge: dart pub global activate flutter_coverage_badge.
  4. Install "lcov" coverage visualization tooling.
  5. Run build.sh to run all tests and build a native executable called bompare.

If the coverage tools are installed, the build results in an update of the coverage badge and a static web site with coverage details.