protobom
protobom is a protocol buffers
representation of SBOM data able to ingest documents in modern
SPDX and CycloneDX versions
without loss. It has an accompaining go library generated from the protocol
buffers definiton that also implements ingesters for those formats.
Standard SBOMs are read by a reader using parsers that understand the common formats. Parsers create a neutral protobom from data read from CycloneDX or SPDX documents.
A protobom can be rendered into standard SBOM formats by the writer using serializers that know how to generate those documents.
Supported Versions and Formats
The following table summarizes the current support for formats and encodings in the golang library.
| Format | Version | Encoding | Read | Write |
|---|---|---|---|---|
| SPDX | 2.2 | JSON | planned | - |
| SPDX | 2.2 | tag-value | planned | - |
| SPDX | 2.3 | JSON | supported | planned |
| SPDX | 2.3 | tag-value | planned | - |
| SPDX | 3.0 | JSON | planned | planned |
| CycloneDX | 1.4 | JSON | planned | supported |
| CycloneDX | 1.5 | JSON | planned | planned |
Other read and write implementations can potentially be written in other languages supported by protobuf