ossf · joshbressers · Sep 9, 2024 · Aug 13, 2024 · Aug 26, 2024 · Aug 26, 2024
@@ -0,0 +1 @@
+yamale==5.2.1
@@ -16,6 +16,21 @@ jobs:
         uses: actions/setup-node@v4
         with:
           node-version: 'lts/*'
+
+      - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0
+        with:
+          python-version: '3.10'
+          cache: 'pip' # caching pip dependencies
+      - run: pip install -r .github/requirements.txt
+
+      - name: Lint Catalog Data
+        run: yamllint -d relaxed SBOM-Catalog
+
+      - name: Schema Check Catalog Data
+        run: yamale -s SBOM-Catalog/schemas/data.yaml SBOM-Catalog/public/data.yaml
+
+      - name: Schema Check Catalog Filters
+        run: yamale -s SBOM-Catalog/schemas/filters.yaml SBOM-Catalog/public/filters.yaml
 
       - name: Install dependencies
         run: cd SBOM-Catalog && npm install

@@ -43,14 +43,15 @@ Abilities describe the capabilities of the tool. In what part of the software de
 - **Generate**  - *Can automatically generate a SBOM*
 - **Merge**     - *Can merge several SBOMs*
 - **Validate**  - *Can validate a SBOM against the file schema or requirements like defined by the NTIA*
+- **Sign**      - *Can sign a SBOM (according to the signage process of the schema)*
 
 ##### Type
 SBOMs may contain different forms of the minimum information sourced from different
 product artifacts. The following types are supported as published by the [NTIA](https://www.cisa.gov/resources-tools/resources/types-software-bill-materials-sbom). Because many tools specifically support the scanning of container images, the category **Container** is added additionally. Even if container scans can be considered *Analyzed*:
 - Design
 - Source
 - Build
-- Analyzed
+- Analyze
 - Deployed
 - Runtime
 - Container