Software Identification (SWID) Tag Tools
This project provides a set of Java-based tools for the generation and validation of Software Identification (SWID) tags produced by the NIST SWID Tagging Project. These tools support XML-based SWID tags based on the format defined by ISO/IEC 19770-2:2015, and Concise Binary Object Representation (CBOR) based concise SWID (CoSWID) tags based on the IETF CoSWID specification.
Included in this repository are the sources for:
- swid-builder: A Java API for building SWID and CoSWID tags.
- swidval: A command line tool and API for validating SWID and CoSWID tags against schema requirements and best practice guidance.
- swid-maven-plugin: Supports SWID generation in an Apache Maven build environment.
- swidval-webapp: A simple, proof of concept webapp that provides a SWID validation service that is deployable to a Java application server.
- swid-repo-client: A Java-based client for posting SWID tags to the National Vulnerability Database (NVD).
Please refer to each sub-module for usage instructions.