Feature: framing third edition compliance checks

[viveksahu26]

closes: #313

Intro

• Framing Software Component Transparency: Establishing a Common Software Bill of Materials (SBOM) released few months, which is also known as 3rd edition of NTIA minimum elements. It is also known as Framing Software Component Transparency(fsct) compliance. It describes about the minimum required fields in your SBOM. Along with minimum also states about Recommended and Aspiration maturity for SBOM as well it's components. To know what fields and what maturity level it requires in short, refer here.

• After generating SBOM, one need to check it's score and compliance against popular compliance like NTIA minimum elements, NTIA minimum element 3rd edition(fsct), CRA, BSI, etc. Therefore the use of sbomqs score and sbomqs compliance command comes into role for score and complaince checks respectively against provided sbom.

This PR adds the support for the compliance checks against fsct one using below command:

// in tabular format
$ sbomqs compliance --fsct <sbom.spdx.json>  

// in basic format
$ sbomqs compliance --fsct  -b <sbom.spdx.json>  

// in json format
$ sbomqs compliance --fsct  --json <sbom.spdx.json>  

It looks like below ss:

To differentiate b/w different maturity level, different color is used:

• For Minimum --> green color
• For Recommended --> Sky Blue Color
• For Aspirational --> Yellow color

Similar to different colors being used to differentiate diff maturity level. The score is also vary for different maturity levels:

• For Minimum --> 10.0
• For Recommended --> 12.0
• For Aspirational --> Y15.0

It supports both SPDX and CycloneDX format of SBOM. For testing you can use below SBOM provided .

• cyclonedx sbom: sbomqs-fossa.cyclonedx.json
• spdx sbom: sbomqs-fossa.spdx.json

Also this point is included:

• Compliance rating (BSI TR-03183) using CycloneDX 1.6 sbomex#55 (comment)