cyclonedx.parser
Set of classes and methods which allow for quick creation of a Bom instance from your environment or Python project.
As a developer, use a Parser instead of building a Bom programmatically by hand.
Package Contents
Classes
- class cyclonedx.parser.Component(*, name: str, type: ComponentType = ComponentType.LIBRARY, mime_type: str | None = None, bom_ref: str | cyclonedx.model.bom_ref.BomRef | None = None, supplier: cyclonedx.model.OrganizationalEntity | None = None, author: str | None = None, publisher: str | None = None, group: str | None = None, version: str | None = None, description: str | None = None, scope: ComponentScope | None = None, hashes: Iterable[cyclonedx.model.HashType] | None = None, licenses: Iterable[cyclonedx.model.LicenseChoice] | None = None, copyright: str | None = None, purl: packageurl.PackageURL | None = None, external_references: Iterable[cyclonedx.model.ExternalReference] | None = None, properties: Iterable[cyclonedx.model.Property] | None = None, release_notes: cyclonedx.model.release_note.ReleaseNotes | None = None, cpe: str | None = None, swid: Swid | None = None, pedigree: Pedigree | None = None, components: Iterable[Component] | None = None, evidence: ComponentEvidence | None = None, modified: bool = False, namespace: str | None = None, license_str: str | None = None)
Bases: cyclonedx.model.dependency.Dependable
This is our internal representation of a Component within a Bom.
Note
See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.3/#type_component
- property type: ComponentType
Get the type of this Component.
- Returns:
Declared type of this Component as ComponentType.
- property mime_type: str | None
Get any declared mime-type for this Component.
When used on file components, the mime-type can provide additional context about the kind of file being represented such as an image, font, or executable. Some library or framework components may also have an associated mime-type.
- Returns:
str if set else None
- property bom_ref: cyclonedx.model.bom_ref.BomRef
An optional identifier which can be used to reference the component elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.
If a value was not provided in the constructor, a UUIDv4 will have been assigned.
- Returns:
BomRef
- property supplier: cyclonedx.model.OrganizationalEntity | None
The organization that supplied the component. The supplier is often the manufacturer, but may also be a distributor or repackager.
- Returns:
OrganizationalEntity if set else None
- property author: str | None
The person(s) or organization(s) that authored the component.
- Returns:
str if set else None
- property publisher: str | None
The person(s) or organization(s) that published the component.
- Returns:
str if set else None
- property group: str | None
The grouping name or identifier. This will often be a shortened, single name of the company or project that produced the component, or the source package or domain name. Whitespace and special characters should be avoided.
Examples include: apache, org.apache.commons, and apache.org.
- Returns:
str if set else None
- property name: str
The name of the component.
This will often be a shortened, single name of the component.
Examples: commons-lang3 and jquery.
- Returns:
str
- property version: str | None
The component version. The version should ideally comply with semantic versioning but is not enforced.
This is NOT optional for CycloneDX Schema Versions < 1.4; for those schema versions it was agreed to default to an empty string where no version was supplied.
- Returns:
Declared version of this Component as str or None
- property description: str | None
Get the description of this Component.
- Returns:
str if set, else None.
- property scope: ComponentScope | None
Specifies the scope of the component.
If scope is not specified, ‘required’ scope should be assumed by the consumer of the BOM.
- Returns:
ComponentScope or None
- property hashes: SortedSet[HashType]
Optional list of hashes that help specify the integrity of this Component.
- Returns:
Set of HashType
- property licenses: SortedSet[LicenseChoice]
An optional list of statements about how this Component is licensed.
- Returns:
Set of LicenseChoice
- property copyright: str | None
An optional copyright notice informing users of the underlying claims to copyright ownership in a published work.
- Returns:
str or None
- property cpe: str | None
Specifies a well-formed CPE name that conforms to the CPE 2.2 or 2.3 specification. See https://nvd.nist.gov/products/cpe
- Returns:
str if set else None
- property purl: packageurl.PackageURL | None
Specifies the package-url (PURL).
The purl, if specified, must be valid and conform to the specification defined at: https://github.com/package-url/purl-spec
- Returns:
PackageURL or None
- property swid: Swid | None
Specifies metadata and content for ISO-IEC 19770-2 Software Identification (SWID) Tags.
- Returns:
Swid if set else None
- property modified: bool
- property pedigree: Pedigree | None
Component pedigree is a way to document complex supply chain scenarios where components are created, distributed, modified, redistributed, combined with other components, etc.
- Returns:
Pedigree if set else None
- property external_references: SortedSet[ExternalReference]
Provides the ability to document external references related to the component or to the project the component describes.
- Returns:
Set of ExternalReference
- property properties: SortedSet[Property]
Provides the ability to document properties in a key/value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions.
- Returns:
Set of Property
- property components: SortedSet['Component']
A list of software and hardware components included in the parent component. This is not a dependency tree. It provides a way to specify a hierarchical representation of component assemblies, similar to system -> subsystem -> parts assembly in physical supply chains.
- Returns:
Set of Component
- property evidence: ComponentEvidence | None
Provides the ability to document evidence collected through various forms of extraction or analysis.
- Returns:
ComponentEvidence if set else None
- property release_notes: cyclonedx.model.release_note.ReleaseNotes | None
Specifies optional release notes.
- Returns:
ReleaseNotes or None
- static for_file(absolute_file_path: str, path_for_bom: str | None) Component
Helper method to create a Component that represents the provided local file.
- Args:
- absolute_file_path:
Absolute path to the file you wish to represent
- path_for_bom:
Optional; if supplied, this is the path used to identify the file in the BOM
- Returns:
Component representing the supplied file
- class cyclonedx.parser.BaseParser
- _components: List[cyclonedx.model.component.Component] = []
- _warnings: List[ParserWarning] = []
- get_components() List[cyclonedx.model.component.Component]
- get_warnings() List[ParserWarning]
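An added example, not code from cyclonedx-python-lib, showing the parser contract this page documents (Components with purl, integrity hashes and a UUIDv4 bom-ref by default; get_components()/get_warnings() on the parser; the rule that every bom-ref MUST be unique). It uses small stand-in classes for Component and ParserWarning so it runs without the library installed; RequirementsParser, duplicate_bom_refs and the sample pins are assumptions of this example.

```python
import re
import uuid
from collections import namedtuple
from dataclasses import dataclass, field
from typing import List, Optional
# Stand-ins for cyclonedx.parser.Component, BaseParser and ParserWarning, written to
# the contract this page documents; they are NOT the library's own classes.
@dataclass
class Component:
    name: str
    version: Optional[str] = None
    purl: Optional[str] = None
    hashes: List[str] = field(default_factory=list)
    bom_ref: str = field(default_factory=lambda: str(uuid.uuid4()))  # UUIDv4 if not supplied
ParserWarning = namedtuple("ParserWarning", "item warning")
# Exact pin "name==version", optionally followed by pip's "--hash=sha256:<hex>" option.
_PIN = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)==([^\s;#]+)(?:.*--hash=sha256:([0-9a-f]{64}))?")

class RequirementsParser:
    """Build Components from pinned requirements text; unpinned lines become warnings."""
    def __init__(self, text: str) -> None:
        self._components: List[Component] = []
        self._warnings: List[ParserWarning] = []
        for raw in text.splitlines():
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            m = _PIN.match(line)
            if m is None:  # not an exact pin: record it, never guess a version
                self._warnings.append(ParserWarning(line, "not an exact '==' pin; skipped"))
                continue
            name, version, sha = m.group(1).lower(), m.group(2), m.group(3)
            self._components.append(Component(
                name=name, version=version, purl=f"pkg:pypi/{name}@{version}",
                hashes=[f"sha256:{sha}"] if sha else []))
    def get_components(self) -> List[Component]:
        return self._components
    def get_warnings(self) -> List[ParserWarning]:
        return self._warnings

def duplicate_bom_refs(components: List[Component]) -> List[str]:
    """Every bom-ref MUST be unique within the BOM: return any that repeat."""
    refs = [c.bom_ref for c in components]
    return sorted({r for r in refs if refs.count(r) > 1})
SAMPLE_SHA256 = "0123456789abcdef" * 4  # constructed value, not a real digest
SAMPLE_REQUIREMENTS = f"""# constructed requirements.txt
requests==2.31.0 --hash=sha256:{SAMPLE_SHA256}
urllib3>=1.26
Jinja2==3.1.2
"""
```

Unpinned lines are surfaced as warnings rather than silently assigned a version, since a BOM entry without an exact version cannot be matched reliably against vulnerability data.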