# Example: assemble a minimal CycloneDX SBOM describing one application and a
# single library it depends on, then print it in the 1.4 JSON and XML formats.

from cyclonedx.factory.license import LicenseFactory
from cyclonedx.model import OrganizationalEntity, XsUri
from cyclonedx.model.bom import Bom, LicenseChoice
from cyclonedx.model.component import Component, ComponentType
from cyclonedx.model.dependency import Dependency
from cyclonedx.output.json import JsonV1Dot4
from cyclonedx.output.xml import XmlV1Dot4
from packageurl import PackageURL

lFac = LicenseFactory()

# region build the BOM

bom = Bom()

# The application this BOM describes. It is registered as the BOM's metadata
# component rather than being added to bom.components.
rootComponent = Component(
    name='myApp',
    type=ComponentType.APPLICATION,
    licenses=[LicenseChoice(license=lFac.make_from_string('MIT'))],
    bom_ref='myApp',
)
bom.metadata.component = rootComponent

# NOTE(review): the string below is a copyright notice, not a licence
# identifier. Presumably the factory records it as a free-text licence name
# because it is not an SPDX id -- confirm that this is what consumers of the
# BOM should see in the licence field.
componentLicense = lFac.make_from_string('(c) 2021 Acme inc.')

componentSupplier = OrganizationalEntity(
    name='Acme Inc',
    urls=[XsUri('https://www.acme.org')],
)

# The package URL repeats group, name and version in one identifier. Keep it
# in step with the Component fields below; nothing here cross-checks them.
componentPurl = PackageURL('generic', 'acme', 'some-component', '1.33.7-beta.1')

component = Component(
    type=ComponentType.LIBRARY,
    name='some-component',
    group='acme',
    version='1.33.7-beta.1',
    licenses=[LicenseChoice(license=componentLicense)],
    supplier=componentSupplier,
    # The bom_ref is the handle the dependency graph below refers to.
    bom_ref='myComponent@1.33.7-beta.1',
    purl=componentPurl,
)

bom.components.add(component)

# Dependency graph: the root application depends directly on the library.
# Both ends are referenced by bom_ref.
libraryDependency = Dependency(component.bom_ref)
bom.dependencies.add(Dependency(rootComponent.bom_ref, [libraryDependency]))

# endregion build the BOM


# Serialise the same BOM object twice and write each document to stdout.
jsonOutputter = JsonV1Dot4(bom)
serializedJSON = jsonOutputter.output_as_string()
print(serializedJSON)

xmlOutputter = XmlV1Dot4(bom)
serializedXML = xmlOutputter.output_as_string()
print(serializedXML)