1from cyclonedx.factory.license import LicenseFactory
2from cyclonedx.model import LicenseChoice, OrganizationalEntity, XsUri
3from cyclonedx.model.bom import Bom
4from cyclonedx.model.component import Component, ComponentType
5from cyclonedx.output.json import JsonV1Dot4
6from cyclonedx.output.xml import XmlV1Dot4
7from packageurl import PackageURL
8
# Factory that turns a plain string into a license object for LicenseChoice.
lFac = LicenseFactory()

# region build the BOM

bom = Bom()

# The root component describes the application this SBOM is written for.
# bom_ref is the handle other BOM elements use to point at it, so it should
# stay unique within the document.
rootLicenses = [LicenseChoice(license=lFac.make_from_string('MIT'))]
rootComponent = Component(
    bom_ref='myApp',
    type=ComponentType.APPLICATION,
    name='myApp',
    licenses=rootLicenses,
)
bom.metadata.component = rootComponent

# A single third-party library, with supplier and package URL recorded so
# that a consumer of the SBOM can tell where the component comes from.
# NOTE(review): '(c) 2021 Acme inc.' is a copyright notice, not an SPDX
# identifier; presumably the factory stores it as a free-text license name.
# Confirm against the library version in use.
componentLicenses = [
    LicenseChoice(license=lFac.make_from_string('(c) 2021 Acme inc.')),
]
componentSupplier = OrganizationalEntity(
    name='Acme Inc',
    urls=[XsUri('https://www.acme.org')],
)
# PackageURL arguments are positional: type, namespace, name, version.
componentPurl = PackageURL('generic', 'acme', 'some-component', '1.33.7-beta.1')
component = Component(
    bom_ref='myComponent@1.33.7-beta.1',
    type=ComponentType.LIBRARY,
    group='acme',
    name='some-component',
    version='1.33.7-beta.1',
    licenses=componentLicenses,
    supplier=componentSupplier,
    purl=componentPurl,
)

# Add the library to the inventory and record that the application depends
# on it, so the dependency relationship is part of the BOM as well.
bom.components.add(component)
bom.register_dependency(rootComponent, [component])

# endregion build the BOM
39
# Render the same BOM in both CycloneDX 1.4 encodings and write each document
# to stdout. Nothing here validates the output against the CycloneDX schema;
# a consumer that relies on these documents should validate them on receipt.
jsonOutputter = JsonV1Dot4(bom)
serializedJSON = jsonOutputter.output_as_string()
print(serializedJSON)

xmlOutputter = XmlV1Dot4(bom)
serializedXML = xmlOutputter.output_as_string()
print(serializedXML)