add ntia compliance report

Compliance.md

@@ -66,3 +66,21 @@ The [OpenChain Telco](https://github.com/OpenChain-Project/Reference-Material/bl
 | Timing of SBOM delivery | 3.6 | `SBOM delivery time` | delivery time | |
 | Method of SBOM delivery | 3.7 | `SBOM delivery method` | delivery method | |
 | SBOM Scope | 3.8 | `SBOM scope` | sbom scope | |
+
+## NTIA minimum elements: SBOM Requirements for NTIA
+
+The [NTIA](https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/TechGuidelines/TR03183/BSI-TR-03183-2.pdf) specifies mandatory properties for an SBOM. Below is how we have derived all the values.
+
+| NTIA minimum elements | Section ID | NTIA Fields | CycloneDX |SPDX(2.3)  | Notes |
+| :---   | :---  |:---   |   :---  |  :---  | :---   |
+| Automation Support | 1.1 | `Machine Readable Format` |  BomFormat & data forrmat | SPDXversion & data forrmat |  |
+| SBOM Data Fields | 2.1 |  `Author of the SBOM` | metadata->authors, metadata->supplier | creator  |   |
+|  | 2.2 |  `Timestamp` |  metadata->timestamp  |  created  |   |
+|  | 2.3 |  `present` |           |           | all package elements |
+| Package Data Fields | 2.4 |  `Package Name` |  component->name | package->name |  |
+|  | 2.5 |  `Dependency Relationship` | dependencies, composition | relationships  |  |
+|  | 2.6 |  `Supplier Name`  |  component->supplier | packageSupplier, packageOriginator |  |
+|  | 2.7 |  `Version of Component` | component->version | package->version |  |
+|  | 2.8 |  `Other Uniq IDs` | component->cpe, component->purl | DocumentNamespace, SPDXID |  |
+| Practices and Processes | 3.1        |  `Depth`  | dependencies, compositions | relationships |  |
+|  | 3.2 |  `Known Unknowns` |   |  |  |

cmd/compliance.go

@@ -71,6 +71,7 @@ func setupEngineParams(cmd *cobra.Command, args []string) *engine.Params {
 	engParams.Detailed, _ = cmd.Flags().GetBool("detailed")
 	engParams.JSON, _ = cmd.Flags().GetBool("json")
 
+	engParams.Ntia, _ = cmd.Flags().GetBool("ntia")
 	// engParams.Ntia, _ = cmd.Flags().GetBool("ntia")
 	engParams.Bsi, _ = cmd.Flags().GetBool("bsi")
 	engParams.Oct, _ = cmd.Flags().GetBool("oct")
@@ -96,7 +97,7 @@ func init() {
 	complianceCmd.MarkFlagsMutuallyExclusive("json", "basic", "detailed")
 
 	// Standards control
-	// complianceCmd.Flags().BoolP("ntia", "n", false, "check for NTIA minimum elements compliance")
+	complianceCmd.Flags().BoolP("ntia", "n", false, "check for NTIA minimum elements compliance")
 	complianceCmd.Flags().BoolP("bsi", "c", false, "BSI TR-03183-2 v1.1 compliance")
 	// complianceCmd.MarkFlagsMutuallyExclusive("ntia", "cra")
 	complianceCmd.Flags().BoolP("oct", "t", false, "OpenChainTelco compliance")

pkg/compliance/bsi.go

@@ -192,8 +192,8 @@ func bsiCreator(doc sbom.Document) *record {
 	score := 0.0
 
 	for _, author := range doc.Authors() {
-		if author.Email() != "" {
-			result = author.Email()
+		if author.GetEmail() != "" {
+			result = author.GetEmail()
 			score = 10.0
 			break
 		}
@@ -399,7 +399,7 @@ func bsiComponentOtherUniqIDs(component sbom.GetComponent) *record {
 	result := ""
 	score := 0.0
 
-	purl := component.Purls()
+	purl := component.GetPurls()
 
 	if len(purl) > 0 {
 		result = string(purl[0])
@@ -408,7 +408,7 @@ func bsiComponentOtherUniqIDs(component sbom.GetComponent) *record {
 		return newRecordStmtOptional(COMP_OTHER_UNIQ_IDS, component.GetID(), result, score)
 	}
 
-	cpes := component.Cpes()
+	cpes := component.GetCpes()
 
 	if len(cpes) > 0 {
 		result = string(cpes[0])