sbom-tools: Semantic SBOM diff and analysis tool
A format-agnostic SBOM comparison tool that provides semantic diff operations
for CycloneDX and SPDX SBOMs with enterprise-grade reporting.
§Quick Start
```rust
use sbom_tools::{parse_sbom, DiffEngine, FuzzyMatchConfig};
use std::path::Path;

// Parse two SBOMs
let old = parse_sbom(Path::new("old.cdx.json")).unwrap();
let new = parse_sbom(Path::new("new.cdx.json")).unwrap();

// Compute semantic diff
let engine = DiffEngine::new()
    .with_fuzzy_config(FuzzyMatchConfig::balanced());
let result = engine.diff(&old, &new).expect("diff failed");
println!("Changes: {}", result.summary.total_changes);
```
Re-exports§
- pub use config::AppConfig;
- pub use config::AppConfigBuilder;
- pub use config::ConfigPreset;
- pub use config::EnrichmentConfig;
- pub use config::TuiConfig;
- pub use config::BehaviorConfig;
- pub use config::FilterConfig;
- pub use config::GraphAwareDiffConfig;
- pub use config::MatchingConfig;
- pub use config::MatchingRulesPathConfig;
- pub use config::OutputConfig;
- pub use config::ConfigError;
- pub use config::Validatable;
- pub use config::DiffConfig;
- pub use config::MatrixConfig;
- pub use config::MultiDiffConfig;
- pub use config::TimelineConfig;
- pub use config::ViewConfig;
- pub use diff::DiffEngine;
- pub use diff::DiffResult;
- pub use diff::GraphDiffConfig;
- pub use enrichment::EnricherConfig;
- pub use enrichment::EnrichmentStats;
- pub use enrichment::NoOpEnricher;
- pub use enrichment::OsvEnricher;
- pub use enrichment::OsvEnricherConfig;
- pub use enrichment::VulnerabilityEnricher;
- pub use error::ErrorContext;
- pub use error::OptionContext;
- pub use error::Result;
- pub use error::SbomDiffError;
- pub use matching::ComponentMatcher;
- pub use matching::FuzzyMatchConfig;
- pub use matching::FuzzyMatcher;
- pub use matching::MatchResult;
- pub use matching::MatchTier;
- pub use matching::MatchingRulesConfig;
- pub use matching::RuleEngine;
- pub use model::CanonicalId;
- pub use model::Component;
- pub use model::ComponentSortKey;
- pub use model::NormalizedSbom;
- pub use model::NormalizedSbomIndex;
- pub use model::SbomIndexBuilder;
- pub use parsers::parse_sbom;
- pub use parsers::parse_sbom_str;
- pub use parsers::SbomParser;
- pub use quality::QualityGrade;
- pub use quality::QualityReport;
- pub use quality::QualityScorer;
- pub use quality::ScoringProfile;
- pub use reports::ReportFormat;
- pub use reports::ReportGenerator;
- pub use reports::StreamingReporter; (Deprecated)
- pub use reports::WriterReporter;
- pub use tui::CycleFilter;
- pub use tui::FilterState;
- pub use tui::ListState;
- pub use tui::OverlayState;
- pub use tui::SearchState;
- pub use tui::SearchStateCore;
- pub use tui::StatusMessage;
- pub use tui::ViewModelOverlayKind;
Modules§
- cli: CLI command handlers.
- config: Configuration module for sbom-tools.
- diff: Semantic diff engine for SBOMs.
- enrichment: Vulnerability enrichment module.
- error: Unified error types for sbom-tools.
- matching: Fuzzy matching engine for cross-ecosystem package correlation.
- model: Intermediate representation for normalized SBOMs.
- parsers: SBOM format parsers.
- pipeline: Pipeline orchestration for SBOM operations.
- quality: SBOM Quality Score module.
- reports: Report generation for diff results.
- tui: Rich TUI interface using ratatui.
- utils: Shared utilities.