SBOM Quality Assurance Documentation

Welcome to the SBOM Quality Assurance (SBOM-QA) project.

Project Overview

SBOM QA is a benchmarking initiative for evaluating open-source Software Composition Analysis (SCA) tools and their SBOM outputs.

Key Questions:

  • How complete is the SBOM? Are all dependencies detected?
  • What is the quality of the SBOM? Is it compliant with industry standards?

Documentation

About

The initial study was conducted in 2025 through a collaboration between Metropolia School of Applied Sciences and Nokia.

Contributors: Elham Rastighahfarokhi, Mehdi Nourivahid, Mostafa Sharghi
Oversight: Gergely Csatari

How to collaborate?

  • Raise any concerns and issues as a GitHub issue
  • Add more tools using GitHub pull requests

License: BSD 3-Clause License