It may be possible to use CSV on the Web https://csvw.org/ as a file format to collect human input.
A possible workflow looks like this:
- Pitloom may first try to auto-extract and infer as much SBOM metadata as possible.
- Pitloom identifies missing information, especially the mandatory information (it may use ntia-conformance-checker for this; also the new SARIF output), then creates a CSVW file that lists the missing information.
- A human fills in the values of the missing information in the CSVW file.
- Pitloom reads the information from the CSVW file and integrates it back into the final SBOM.
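
A sketch of the round trip described above, added here as an illustration and not taken from Pitloom's code. The simplified SBOM dict, the `element`/`field`/`value` column names, the `REQUIRED` field list and all function names are assumptions. The merge step treats the returned CSV as untrusted input: it fills only gaps that exist and never overwrites extracted data.

```python
import csv
import io
import json

# Constructed sample: a simplified SBOM-like dict, not real Pitloom or SPDX output.
SBOM = {"packages": [
    {"id": "pkg-1", "name": "examplelib", "version": "1.2.0", "supplier": None},
    {"id": "pkg-2", "name": "otherlib", "version": None, "supplier": "Example Org"},
]}
REQUIRED = ("name", "version", "supplier")  # assumed set of mandatory fields

def find_missing(sbom):
    """Return (element id, field) pairs whose mandatory value is absent."""
    return [(p["id"], f) for p in sbom["packages"] for f in REQUIRED if not p.get(f)]

def build_csvw(missing, csv_name="missing.csv"):
    """Return (csv_text, metadata): one CSV row per gap plus its CSVW description."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(["element", "field", "value"])
    writer.writerows([elem, field, ""] for elem, field in missing)
    columns = [{"name": n, "titles": n, "datatype": "string", "required": True}
               for n in ("element", "field", "value")]
    metadata = {"@context": "http://www.w3.org/ns/csvw", "url": csv_name,
                "tableSchema": {"columns": columns, "primaryKey": ["element", "field"]}}
    return buf.getvalue(), metadata

def merge(sbom, csv_text, metadata):
    """Fill SBOM gaps from the returned CSV; return the rows that were not applied."""
    required = [c["name"] for c in metadata["tableSchema"]["columns"] if c.get("required")]
    by_id = {p["id"]: p for p in sbom["packages"]}
    rejected = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        pkg = by_id.get(row["element"])
        if (pkg is not None and row["field"] in REQUIRED
                and not pkg.get(row["field"])  # never overwrite extracted data
                and all((row.get(c) or "").strip() for c in required)):
            pkg[row["field"]] = row["value"].strip()
        else:
            rejected.append((row["element"], row["field"]))
    return rejected

if __name__ == "__main__":
    csv_text, metadata = build_csvw(find_missing(SBOM))
    print(json.dumps(metadata, indent=2))
    # Constructed reply: one real answer, one blank, one overwrite attempt.
    filled = ("element,field,value\npkg-1,supplier,Example Supplier\n"
              "pkg-2,version,\npkg-1,name,renamed\n")
    print("not applied:", merge(SBOM, filled, metadata))
```

Rows that come back in the rejected list are the ones to report to the user or to write into the next round's CSVW file.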