add report and score for fsct

Signed-off-by: Vivek Kumar Sahu <[email protected]>

Author: viveksahu26

cmd/compliance.go

@@ -41,6 +41,12 @@ var complianceCmd = &cobra.Command{
 
   # Check a OpenChain Telco compliance against a SBOM in a JSON output
   sbomqs compliance --oct --json samples/sbomqs-spdx-syft.json
+
+  # Check a V3 Framing document compliance  against a SBOM in a table output
+  sbomqs compliance --fsct-v3 <sbom>
+
+  # Check a V3 Framing document compliance  against a SBOM in a JSON output
+  sbomqs compliance --fsct-v3 -j <sbom>
 `,
 	Args: func(cmd *cobra.Command, args []string) error {
 		if err := cobra.ExactArgs(1)(cmd, args); err != nil {
@@ -74,6 +80,7 @@ func setupEngineParams(cmd *cobra.Command, args []string) *engine.Params {
 	// engParams.Ntia, _ = cmd.Flags().GetBool("ntia")
 	engParams.Bsi, _ = cmd.Flags().GetBool("bsi")
 	engParams.Oct, _ = cmd.Flags().GetBool("oct")
+	engParams.Fsct, _ = cmd.Flags().GetBool("fsct")
 
 	engParams.Debug, _ = cmd.Flags().GetBool("debug")
 
@@ -100,4 +107,5 @@ func init() {
 	complianceCmd.Flags().BoolP("bsi", "c", false, "BSI TR-03183-2 v1.1 compliance")
 	// complianceCmd.MarkFlagsMutuallyExclusive("ntia", "cra")
 	complianceCmd.Flags().BoolP("oct", "t", false, "OpenChainTelco compliance")
+	complianceCmd.Flags().BoolP("fsct-v3", "fv", false, "V3 Framing document compliance")
 }

pkg/compliance/common/common.go

@@ -0,0 +1,157 @@
+// Copyright 2024 Interlynk.io
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package common
+
+import (
+	"time"
+
+	"github.com/interlynk-io/sbomqs/pkg/cpe"
+	"github.com/interlynk-io/sbomqs/pkg/omniborid"
+	"github.com/interlynk-io/sbomqs/pkg/purl"
+	"github.com/interlynk-io/sbomqs/pkg/sbom"
+	"github.com/interlynk-io/sbomqs/pkg/swhid"
+	"github.com/interlynk-io/sbomqs/pkg/swid"
+	"github.com/samber/lo"
+)
+
+func CheckTools(tools []sbom.GetTool) (string, bool) {
+	for _, tool := range tools {
+		if name := tool.GetName(); name != "" {
+			return name, true
+		}
+	}
+	return "", false
+}
+
+func CheckAuthors(authors []sbom.Author) (string, bool) {
+	for _, author := range authors {
+		if email := author.Email(); email != "" {
+			return email, true
+		}
+	}
+	return "", false
+}
+
+func CheckSupplier(supplier sbom.GetSupplier) (string, bool) {
+	if email := supplier.GetEmail(); email != "" {
+		return email, true
+	}
+
+	if url := supplier.GetURL(); url != "" {
+		return url, true
+	}
+
+	if contacts := supplier.GetContacts(); contacts != nil {
+		for _, contact := range contacts {
+			if email := contact.Email(); email != "" {
+				return email, true
+			}
+		}
+	}
+	return "", false
+}
+
+func CheckManufacturer(manufacturer sbom.Manufacturer) (string, bool) {
+	if email := manufacturer.GetEmail(); email != "" {
+		return email, true
+	}
+
+	if url := manufacturer.GetURL(); url != "" {
+		return url, true
+	}
+
+	if contacts := manufacturer.GetContacts(); contacts != nil {
+		for _, contact := range contacts {
+			if email := contact.Email(); email != "" {
+				return email, true
+			}
+		}
+	}
+	return "", false
+}
+
+func CheckTimestamp(timestamp string) (string, bool) {
+	_, err := time.Parse(time.RFC3339, timestamp)
+	if err != nil {
+		return timestamp, false
+	}
+	return timestamp, true
+}
+
+func CheckPurls(purl []purl.PURL) (string, bool) {
+	if result := string(purl[0]); result != "" {
+		return result, true
+	}
+	return "", false
+}
+
+func CheckCpes(cpes []cpe.CPE) (string, bool) {
+	if result := string(cpes[0]); result != "" {
+		return result, true
+	}
+	return "", false
+}
+
+func CheckOmnibor(omni []omniborid.OMNIBORID) (string, bool) {
+	if result := string(omni[0]); result != "" {
+		return result, true
+	}
+	return "", false
+}
+
+func CheckSwhid(swhid []swhid.SWHID) (string, bool) {
+	if result := string(swhid[0]); result != "" {
+		return result, true
+	}
+	return "", false
+}
+
+func CheckSwid(swid []swid.SWID) (string, bool) {
+	if swid[0].GetTagID() != "" && swid[0].GetName() != "" {
+		result := string(swid[0].GetTagID()) + ", " + string(swid[0].GetName())
+		return result, true
+	}
+	return "", false
+}
+
+func CheckHash(checksums []sbom.GetChecksum) (string, bool) {
+	algos := []string{"SHA256", "SHA-256", "sha256", "sha-256", "SHA1", "SHA-1", "sha1", "sha-1", "MD5", "md5"}
+	for _, checksum := range checksums {
+		algo := checksum.GetAlgo()
+		if lo.Contains(algos, algo) {
+			if content := checksum.GetContent(); content != "" {
+				return content, true
+			}
+		}
+	}
+	return "", false
+}
+
+func CheckHigherHash(checksums []sbom.GetChecksum) (string, bool) {
+	recommendedAlgos := []string{"SHA-512"}
+	for _, checksum := range checksums {
+		algo := checksum.GetAlgo()
+		if lo.Contains(recommendedAlgos, algo) {
+			if content := checksum.GetContent(); content != "" {
+				return content, true
+			}
+		}
+	}
+	return "", false
+}
+
+func CheckCopyright(cp string) (string, bool) {
+	return cp, cp != "NOASSERTION" && cp != "NONE"
+}

pkg/compliance/compliance.go

@@ -19,6 +19,7 @@ import (
 	"errors"
 	"fmt"
 
+	"github.com/interlynk-io/sbomqs/pkg/compliance/fsct"
 	"github.com/interlynk-io/sbomqs/pkg/logger"
 	"github.com/interlynk-io/sbomqs/pkg/sbom"
 )
@@ -28,6 +29,7 @@ const (
 	BSI_REPORT  = "BSI"
 	NTIA_REPORT = "NTIA"
 	OCT_TELCO   = "OCT"
+	FSCT_V3     = "FSCT"
 )
 
 //nolint:revive,stylecheck
@@ -55,20 +57,26 @@ func ComplianceResult(ctx context.Context, doc sbom.Document, reportType, fileNa
 		return errors.New("output format is empty")
 	}
 
-	if reportType == BSI_REPORT {
+	switch {
+	case reportType == BSI_REPORT:
 		bsiResult(ctx, doc, fileName, outFormat)
-	}
 
-	if reportType == NTIA_REPORT {
+	case reportType == NTIA_REPORT:
 		ntiaResult(ctx, doc, fileName, outFormat)
-	}
 
-	if reportType == OCT_TELCO {
+	case reportType == OCT_TELCO:
 		if doc.Spec().GetSpecType() != "spdx" {
 			fmt.Println("The Provided SBOM spec is other than SPDX. Open Chain Telco only support SPDX specs SBOMs.")
 			return nil
 		}
 		octResult(ctx, doc, fileName, outFormat)
+
+	case reportType == FSCT_V3:
+		fsct.FsctResult(ctx, doc, fileName, outFormat)
+
+	default:
+		fmt.Println("No compliance type is provided")
+
 	}
 
 	return nil

pkg/compliance/db/db.go

@@ -1,10 +1,10 @@
-// Copyright 2023 Interlynk.io
+// Copyright 2024 Interlynk.io
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
-//	http://www.apache.org/licenses/LICENSE-2.0
+//     https://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,

pkg/compliance/db/db_test.go

@@ -1,10 +1,10 @@
-// Copyright 2023 Interlynk.io
+// Copyright 2024 Interlynk.io
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
-//	http://www.apache.org/licenses/LICENSE-2.0
+//     https://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,