sbom-tool/sbom-tools
Semantic SBOM/CBOM diff, quality scoring, and TUI analysis tool for CycloneDX/SPDX — covering component changes, dependency shifts, license conflicts, vulnerabilities, cryptographic inventory grading, and PQC compliance (CNSA 2.0, NIST IR 8547).
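To make concrete what "semantic" means here as opposed to a line-by-line diff, the following is an added example in Python, not code from sbom-tool/sbom-tools, and it uses two constructed CycloneDX 1.5 documents rather than real SBOMs. Components are matched on a version-independent identity (the purl with its version, qualifiers and subpath stripped, falling back to group/name), so a version bump is reported as a change instead of one removal plus one addition, dependency edges are compared on the same identities rather than on versioned bom-refs, and a small deny-list of license prefixes stands in for a license-conflict policy (the deny-list and the `acme-reporting` package are assumptions for the demonstration):

```python
"""Semantic diff of two CycloneDX JSON SBOMs (added example, not the project's code)."""
import json
from typing import Dict, FrozenSet, Tuple


def identity(comp: dict) -> str:
    """Version-independent identity: purl minus '@version', '?qualifiers', '#subpath'.
    A scoped npm name encodes '@' as %40, so splitting on the first '@' is safe.
    Fall back to group/name when the component has no purl."""
    purl = comp.get("purl")
    if purl:
        return purl.split("@", 1)[0].split("?", 1)[0].split("#", 1)[0]
    return f"{comp.get('group', '')}/{comp['name']}"


def licenses(comp: dict) -> FrozenSet[str]:
    """Collect SPDX ids, names or expressions declared for a component."""
    out = set()
    for entry in comp.get("licenses", []):
        if "expression" in entry:
            out.add(entry["expression"])
        elif "license" in entry:
            out.add(entry["license"].get("id") or entry["license"].get("name") or "unknown")
    return frozenset(out)


def index(sbom: dict) -> Tuple[Dict[str, dict], Dict[str, str]]:
    """Map identity -> component and bom-ref -> identity for one SBOM."""
    by_id, ref_to_id = {}, {}
    for comp in sbom.get("components", []):
        key = identity(comp)
        by_id[key] = comp
        if comp.get("bom-ref"):
            ref_to_id[comp["bom-ref"]] = key
    return by_id, ref_to_id


def dependency_edges(sbom: dict, ref_to_id: Dict[str, str]) -> Dict[str, FrozenSet[str]]:
    """Dependency graph keyed by identity so a version bump does not look like a new edge."""
    edges = {}
    for dep in sbom.get("dependencies", []):
        src = ref_to_id.get(dep["ref"], dep["ref"])
        edges[src] = frozenset(ref_to_id.get(d, d) for d in dep.get("dependsOn", []))
    return edges


COPYLEFT_PREFIXES = ("GPL-", "AGPL-")  # assumed example policy, not the tool's grading rules


def semantic_diff(old: dict, new: dict) -> dict:
    """Report component, version, license and dependency changes between two SBOMs."""
    old_idx, old_refs = index(old)
    new_idx, new_refs = index(new)
    report = {"added": [], "removed": [], "version_changed": [],
              "license_changed": [], "license_conflicts": [], "dependency_changed": []}
    for key in sorted(old_idx.keys() | new_idx.keys()):
        o, n = old_idx.get(key), new_idx.get(key)
        if o is None:
            report["added"].append((key, n.get("version")))
        elif n is None:
            report["removed"].append((key, o.get("version")))
        else:
            if o.get("version") != n.get("version"):
                report["version_changed"].append((key, o.get("version"), n.get("version")))
            if licenses(o) != licenses(n):
                report["license_changed"].append((key, sorted(licenses(o)), sorted(licenses(n))))
        if n is not None:  # policy check applies to whatever is present in the new SBOM
            hits = sorted(l for l in licenses(n) if l.startswith(COPYLEFT_PREFIXES))
            if hits:
                report["license_conflicts"].append((key, hits))
    old_edges, new_edges = dependency_edges(old, old_refs), dependency_edges(new, new_refs)
    for src in sorted(old_edges.keys() | new_edges.keys()):
        before, after = old_edges.get(src, frozenset()), new_edges.get(src, frozenset())
        if before != after:  # (source, edges gained, edges lost)
            report["dependency_changed"].append((src, sorted(after - before), sorted(before - after)))
    return report


def comp(name: str, version: str, license_id: str) -> dict:
    """Build a minimal CycloneDX component entry (constructed sample data)."""
    purl = f"pkg:pypi/{name}@{version}"
    return {"type": "library", "bom-ref": purl, "name": name, "version": version,
            "purl": purl, "licenses": [{"license": {"id": license_id}}]}


# Constructed sample SBOMs: a dependency bump that swaps chardet for charset-normalizer
# and pulls in a (fictional) GPL-licensed package.
OLD_SBOM = {
    "bomFormat": "CycloneDX", "specVersion": "1.5",
    "components": [comp("requests", "2.31.0", "Apache-2.0"),
                   comp("urllib3", "1.26.18", "MIT"),
                   comp("chardet", "5.2.0", "LGPL-2.1-only")],
    "dependencies": [{"ref": "pkg:pypi/requests@2.31.0",
                      "dependsOn": ["pkg:pypi/urllib3@1.26.18", "pkg:pypi/chardet@5.2.0"]}],
}
NEW_SBOM = {
    "bomFormat": "CycloneDX", "specVersion": "1.5",
    "components": [comp("requests", "2.32.3", "Apache-2.0"),
                   comp("urllib3", "2.2.2", "MIT"),
                   comp("charset-normalizer", "3.3.2", "MIT"),
                   comp("acme-reporting", "1.0.0", "GPL-3.0-only")],
    "dependencies": [{"ref": "pkg:pypi/requests@2.32.3",
                      "dependsOn": ["pkg:pypi/urllib3@2.2.2", "pkg:pypi/charset-normalizer@3.3.2"]}],
}

if __name__ == "__main__":
    print(json.dumps(semantic_diff(OLD_SBOM, NEW_SBOM), indent=2))
```

Run as a script to print the report: requests and urllib3 show up under `version_changed`, chardet under `removed`, charset-normalizer and acme-reporting under `added`, the requests edge set under `dependency_changed`, and acme-reporting under `license_conflicts`. A textual diff of the same two files would instead report every component as removed and re-added because each purl and bom-ref embeds the version; keying on identity is what lets a reviewer see the actual change.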
Health Breakdown
Should you contribute to sbom-tool/sbom-tools?
sbom-tool/sbom-tools has a FoundDev health score of 89/100, which puts it in the active-and-maintained tier. The maintainer team is shipping recently, issues are being closed, and a PR you open this week has a realistic chance of being reviewed.
The last push was today, which signals an actively maintained project. New issues are likely to get a maintainer response within days. The project is written primarily in Rust, so prior Rust experience will shorten ramp-up.
Licensed under MIT, a standard OSI-approved license — safe to contribute to under normal employer IP policies.