"""Assemble a small CycloneDX BOM by hand and print it as JSON and as XML.

The BOM describes one application ('myApp') that depends on
'some-component', which in turn depends on 'some-library'. Both
serializations target CycloneDX schema version 1.4.

Review notes for anyone adapting this to a real SBOM:
  * No component carries hashes, so a consumer cannot check artifact
    integrity from this BOM alone.
  * This script does not validate the serialized documents against the
    CycloneDX schema before printing them.
"""

from cyclonedx.factory.license import LicenseChoiceFactory, LicenseFactory
from cyclonedx.model import OrganizationalEntity, XsUri
from cyclonedx.model.bom import Bom
from cyclonedx.model.component import Component, ComponentType
from cyclonedx.output.json import JsonV1Dot4
from cyclonedx.output.xml import XmlV1Dot4
from packageurl import PackageURL

# One factory turns every license string below into a license choice.
lc_factory = LicenseChoiceFactory(license_factory=LicenseFactory())

# region build the BOM

bom = Bom()

# The application the BOM is about; it is stored in the BOM metadata and
# is not added to bom.components.
root_component = Component(
    type=ComponentType.APPLICATION,
    name='myApp',
    bom_ref='myApp',
    licenses=[lc_factory.make_from_string('MIT')],
)
bom.metadata.component = root_component

# Direct dependency with full identity: group, name, version, supplier and
# a package URL, which is what lets a consumer match it against advisories.
# NOTE(review): '(c) 2021 Acme inc.' is free text, not an SPDX identifier;
# presumably the factory records it as a named license. Confirm the output.
acme_license = lc_factory.make_from_string('(c) 2021 Acme inc.')
acme_supplier = OrganizationalEntity(
    name='Acme Inc',
    urls=[XsUri('https://www.acme.org')],
)
acme_purl = PackageURL(
    type='generic',
    namespace='acme',
    name='some-component',
    version='1.33.7-beta.1',
)
component1 = Component(
    type=ComponentType.LIBRARY,
    group='acme',
    name='some-component',
    version='1.33.7-beta.1',
    bom_ref='myComponent@1.33.7-beta.1',
    supplier=acme_supplier,
    licenses=[acme_license],
    purl=acme_purl,
)

# Transitive dependency described only by name and an SPDX expression.
# NOTE(review): it has no version, purl or explicit bom_ref, so vulnerability
# tooling has little to match on. A real SBOM should pin at least the
# version and a purl for every component.
component2 = Component(
    type=ComponentType.LIBRARY,
    name='some-library',
    licenses=[
        lc_factory.make_from_string('GPL-3.0-only WITH Classpath-exception-2.0'),
    ],
)

# Add each component, then record the edge that leads to it:
# myApp -> some-component -> some-library.
bom.components.add(component1)
bom.register_dependency(root_component, [component1])

bom.components.add(component2)
bom.register_dependency(component1, [component2])

# endregion build the BOM

# Render the same BOM in both formats and write each to stdout.
json_document = JsonV1Dot4(bom).output_as_string()
print(json_document)

xml_document = XmlV1Dot4(bom).output_as_string()
print(xml_document)