cyclonedx.model.bom
Module Contents
Classes
- BomMetaData: This is our internal representation of the metadata complex type within the CycloneDX standard.
- Bom: This is our internal representation of a bill-of-materials (BOM).
- class cyclonedx.model.bom.BomMetaData(*, tools: Iterable[cyclonedx.model.Tool] | None = None, authors: Iterable[cyclonedx.model.OrganizationalContact] | None = None, component: cyclonedx.model.component.Component | None = None, manufacture: cyclonedx.model.OrganizationalEntity | None = None, supplier: cyclonedx.model.OrganizationalEntity | None = None, licenses: Iterable[cyclonedx.model.LicenseChoice] | None = None, properties: Iterable[cyclonedx.model.Property] | None = None, timestamp: datetime.datetime | None = None)
This is our internal representation of the metadata complex type within the CycloneDX standard.
Note
See the CycloneDX Schema for Bom metadata: https://cyclonedx.org/docs/1.4/#type_metadata
- property timestamp: datetime.datetime
The date and time (in UTC) when this BomMetaData was created.
- Returns:
datetime instance in UTC timezone
- property tools: SortedSet[Tool]
Tools used to create this BOM.
- Returns:
Set of Tool objects.
- property authors: SortedSet[OrganizationalContact]
The person(s) who created the BOM.
Authors are common in BOMs created through manual processes.
BOMs created through automated means may not have authors.
- Returns:
Set of OrganizationalContact
- property component: cyclonedx.model.component.Component | None
The (optional) component that the BOM describes.
- Returns:
cyclonedx.model.component.Component instance for this Bom Metadata.
- property manufacture: cyclonedx.model.OrganizationalEntity | None
The organization that manufactured the component that the BOM describes.
- Returns:
OrganizationalEntity if set else None
- property supplier: cyclonedx.model.OrganizationalEntity | None
The organization that supplied the component that the BOM describes.
The supplier may often be the manufacturer, but may also be a distributor or repackager.
- Returns:
OrganizationalEntity if set else None
- property licenses: SortedSet[LicenseChoice]
An optional list of statements about how this BOM is licensed.
- Returns:
Set of LicenseChoice
- property properties: SortedSet[Property]
Provides the ability to document properties in a key/value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions.
Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. Formal registration is OPTIONAL.
- Returns:
Set of Property
- class cyclonedx.model.bom.Bom(*, components: Iterable[cyclonedx.model.component.Component] | None = None, services: Iterable[cyclonedx.model.service.Service] | None = None, external_references: Iterable[cyclonedx.model.ExternalReference] | None = None, serial_number: uuid.UUID | None = None, version: int = 1, metadata: BomMetaData | None = None, dependencies: Iterable[cyclonedx.model.dependency.Dependency] | None = None, vulnerabilities: Iterable[cyclonedx.model.vulnerability.Vulnerability] | None = None)
This is our internal representation of a bill-of-materials (BOM).
You can either create a cyclonedx.model.bom.Bom yourself programmatically, or generate a cyclonedx.model.bom.Bom from a cyclonedx.parser.BaseParser implementation.
Once you have an instance of cyclonedx.model.bom.Bom, you can pass this to an instance of cyclonedx.output.BaseOutput to produce a CycloneDX document according to a specific schema version and format.
- property serial_number: uuid.UUID
Unique UUID for this BOM.
- Returns:
UUID instance
- property metadata: BomMetaData
Get our internal metadata object for this Bom.
- Returns:
Metadata object instance for this Bom.
Note
See the CycloneDX Schema for Bom metadata: https://cyclonedx.org/docs/1.3/#type_metadata
- property components: SortedSet[Component]
Get all the Components currently in this Bom.
- Returns:
Set of Component in this Bom
- property services: SortedSet[Service]
Get all the Services currently in this Bom.
- Returns:
Set of Service in this BOM
- property external_references: SortedSet[ExternalReference]
Provides the ability to document external references related to the BOM or to the project the BOM describes.
- Returns:
Set of ExternalReference
- property vulnerabilities: SortedSet[Vulnerability]
Get all the Vulnerabilities in this BOM.
- Returns:
Set of Vulnerability
- property dependencies: SortedSet[Dependency]
- static from_parser(parser: cyclonedx.parser.BaseParser) -> Bom
Create a Bom instance from a Parser object.
- Args:
parser (cyclonedx.parser.BaseParser): A valid parser instance.
- Returns:
cyclonedx.model.bom.Bom: A Bom instance that represents the valid data held in the supplied parser.
- get_component_by_purl(purl: packageurl.PackageURL | None) -> cyclonedx.model.component.Component | None
Get a Component already in the Bom by its PURL.
- Args:
- purl:
An instance of packageurl.PackageURL used to look up the Component.
- Returns:
Component or None
- get_urn_uuid() -> str
Get the unique reference for this Bom.
- Returns:
URN formatted UUID that uniquely identifies this Bom instance.
- has_component(component: cyclonedx.model.component.Component) -> bool
Check whether this Bom contains the provided Component.
- Args:
- component:
The cyclonedx.model.component.Component instance to look for in this Bom.
- Returns:
bool - True if the supplied Component is part of this Bom, False otherwise.
- _get_all_components() -> Set[cyclonedx.model.component.Component]
- get_vulnerabilities_for_bom_ref(bom_ref: cyclonedx.model.bom_ref.BomRef) -> SortedSet[Vulnerability]
Get all known Vulnerabilities that affect the supplied bom_ref.
- Args:
bom_ref: BomRef
- Returns:
SortedSet of Vulnerability
- has_vulnerabilities() -> bool
Check whether this Bom has any declared vulnerabilities.
- Returns:
bool - True if this Bom has at least one Vulnerability, False otherwise.
- register_dependency(target: cyclonedx.model.dependency.Dependable, depends_on: Iterable[cyclonedx.model.dependency.Dependable] | None = None) -> None