sbom-tools — Qtonic Quantum Score 28.2/100 | Qtonic Quantum Lab

Back to Registry

API CheckingRegistry CheckingTrust Checking

sbom-tools

Below Threshold

sbom-tool

migration_advisory

Evidence source: Live API

28.2

Rank unavailable

Score Radar

Overview

Semantic SBOM/CBOM diff, quality scoring, and TUI analysis tool for CycloneDX/SPDX — covering component changes, dependency shifts, license conflicts, vulnerabilities, cryptographic inventory grading, and PQC compliance (CNSA 2.0, NIST IR 8547).

Algorithms

Languages

NIST Level

LicenseMIT

RepositorySource

Dimension Breakdown

Algorithm CorrectnessVerified

2.4/10

Verify email for evidence chains and agent vote details

PerformanceVerified

2.5/10

Verify email for evidence chains and agent vote details

Key & Ciphertext SizeVerified

3.9/10

Verify email for evidence chains and agent vote details

Side Channel ResistanceVerified

5.6/10

Verify email for evidence chains and agent vote details

InteroperabilityVerified

2.7/10

Verify email for evidence chains and agent vote details

Standards ComplianceVerified

2.4/10

Verify email for evidence chains and agent vote details

MaturityInferred

2.3/10

Verify email for evidence chains and agent vote details

DocumentationVerified

2.9/10

Verify email for evidence chains and agent vote details

Supply ChainInferred

2.3/10

Verify email for evidence chains and agent vote details

Quantum ResistanceVerified

2.3/10

Verify email for evidence chains and agent vote details

Score History

Standards Compliance

FIPS 203 (ML-KEM)

NIST — N/A

FIPS 204 (ML-DSA)

NIST — N/A

FIPS 205 (SLH-DSA)

NIST — N/A

CNSA 2.0

NSA — N/A

NSM-10

White House — N/A

EO 14028

White House — N/A

PCI DSS 4.0.1

PCI SSC — N/A

HIPAA

HHS — N/A

GDPR

EU — N/A

POPIA

South Africa — N/A

PDPA

Singapore — N/A

LGPD

Brazil — N/A

Highlights

+The description states the tool provides PQC compliance checking for CNSA 2.0 and NIST IR 8547 along with cryptographic inventory grading.
+The description indicates support for semantic SBOM/CBOM diff and quality scoring across CycloneDX and SPDX formats.
+Documentation metadata confirms availability of a README, security policy, docs/ directory, examples/ directory, API documentation, and migration guide.
+The solution is distributed under the MIT license via the public repository at https://github.com/microsoft/sbom-tool.

Concerns

-Algorithms are listed as 'Not specified,' offering no transparency into which post-quantum algorithms are addressed.
-NIST Levels are listed as 'Not specified,' indicating no claimed security strength for PQC-related features.
-FIPS 140 Certified is marked 'No,' reflecting the absence of a validated cryptographic module.
-Standards Compliance is listed as 'Not assessed,' indicating no formal evaluation against applicable standards has been completed.

Last evaluated: May 23, 2026

Status: active

Published with audit trail

Want this analysis for sbom-tools?

Start with QScout Free for a verified website snapshot, then scope Surface, Silver, or Gold when approved evidence is needed for inventory, roadmap, and remediation decisions.

Start QScout Free

Your vendors are not on this list?

We evaluate any PQC solution on request. Submit a vendor and we will add it to the Qtonic Quantum Lab registry within 48 hours.

Request an Evaluation