cyclonedx.model

Uniform set of models to represent objects within a CycloneDX software bill-of-materials.

You can either create a cyclonedx.model.bom.Bom yourself programmatically, or generate a cyclonedx.model.bom.Bom from a cyclonedx.parser.BaseParser implementation.

Submodules

• cyclonedx.model.bom
• cyclonedx.model.bom_ref
• cyclonedx.model.component
• cyclonedx.model.contact
• cyclonedx.model.crypto
• cyclonedx.model.dependency
• cyclonedx.model.impact_analysis
• cyclonedx.model.issue
• cyclonedx.model.license
• cyclonedx.model.release_note
• cyclonedx.model.service
• cyclonedx.model.vulnerability

Package Contents

Classes

DataFlow	This is our internal representation of the dataFlowType simple type within the CycloneDX standard.
DataClassification	This is our internal representation of the dataClassificationType complex type within the CycloneDX standard.
Encoding	This is our internal representation of the encoding simple type within the CycloneDX standard.
AttachedText	This is our internal representation of the attachedTextType complex type within the CycloneDX standard.
HashAlgorithm	This is our internal representation of the hashAlg simple type within the CycloneDX standard.
HashType	This is our internal representation of the hashType complex type within the CycloneDX standard.
ExternalReferenceType	Enum object that defines the permissible 'types' for an External Reference according to the CycloneDX schema.
XsUri	Helper class that allows us to perform validation on data strings that are defined as xs:anyURI
ExternalReference	This is our internal representation of an ExternalReference complex type that can be used in multiple places within
Property	This is our internal representation of propertyType complex type that can be used in multiple places within
NoteText	This is our internal representation of the Note.text complex type that can be used in multiple places within
Note	This is our internal representation of the Note complex type that can be used in multiple places within
Tool	This is our internal representation of the toolType complex type within the CycloneDX standard.
IdentifiableAction	This is our internal representation of the identifiableActionType complex type.
Copyright	This is our internal representation of the copyrightsType complex type.

Attributes

ThisTool

class cyclonedx.model.DataFlow

Bases: str, enum.Enum

This is our internal representation of the dataFlowType simple type within the CycloneDX standard.

Note

See the CycloneDX Schema: https://cyclonedx.org/docs/1.4/xml/#type_dataFlowType

INBOUND = 'inbound'

OUTBOUND = 'outbound'

BI_DIRECTIONAL = 'bi-directional'

UNKNOWN = 'unknown'

capitalize()

Return a capitalized version of the string.

More specifically, make the first character have upper case and the rest lower case.

casefold()

Return a version of the string suitable for caseless comparisons.

center()

Return a centered string of length width.

Padding is done using the specified fill character (default is a space).

count()

S.count(sub[, start[, end]]) -> int

Return the number of non-overlapping occurrences of substring sub in string S[start:end]. Optional arguments start and end are interpreted as in slice notation.

encode()

Encode the string using the codec registered for encoding.

encoding

The encoding in which to encode the string.

errors

The error handling scheme to use for encoding errors. The default is ‘strict’ meaning that encoding errors raise a UnicodeEncodeError. Other possible values are ‘ignore’, ‘replace’ and ‘xmlcharrefreplace’ as well as any other name registered with codecs.register_error that can handle UnicodeEncodeErrors.

endswith()

S.endswith(suffix[, start[, end]]) -> bool

Return True if S ends with the specified suffix, False otherwise. With optional start, test S beginning at that position. With optional end, stop comparing S at that position. suffix can also be a tuple of strings to try.

expandtabs()

Return a copy where all tab characters are expanded using spaces.

If tabsize is not given, a tab size of 8 characters is assumed.

find()

S.find(sub[, start[, end]]) -> int

Return the lowest index in S where substring sub is found, such that sub is contained within S[start:end]. Optional arguments start and end are interpreted as in slice notation.

Return -1 on failure.

format()

S.format(*args, **kwargs) -> str

Return a formatted version of S, using substitutions from args and kwargs. The substitutions are identified by braces (‘{’ and ‘}’).

format_map()

S.format_map(mapping) -> str

Return a formatted version of S, using substitutions from mapping. The substitutions are identified by braces (‘{’ and ‘}’).

index()

S.index(sub[, start[, end]]) -> int

Return the lowest index in S where substring sub is found, such that sub is contained within S[start:end]. Optional arguments start and end are interpreted as in slice notation.

Raises ValueError when the substring is not found.

isalnum()

Return True if the string is an alpha-numeric string, False otherwise.

A string is alpha-numeric if all characters in the string are alpha-numeric and there is at least one character in the string.

isalpha()

Return True if the string is an alphabetic string, False otherwise.

A string is alphabetic if all characters in the string are alphabetic and there is at least one character in the string.

isascii()

Return True if all characters in the string are ASCII, False otherwise.

ASCII characters have code points in the range U+0000-U+007F. Empty string is ASCII too.

isdecimal()

Return True if the string is a decimal string, False otherwise.

A string is a decimal string if all characters in the string are decimal and there is at least one character in the string.

isdigit()

Return True if the string is a digit string, False otherwise.

A string is a digit string if all characters in the string are digits and there is at least one character in the string.

isidentifier()

Return True if the string is a valid Python identifier, False otherwise.

Call keyword.iskeyword(s) to test whether string s is a reserved identifier, such as “def” or “class”.

islower()

Return True if the string is a lowercase string, False otherwise.

A string is lowercase if all cased characters in the string are lowercase and there is at least one cased character in the string.

isnumeric()

Return True if the string is a numeric string, False otherwise.

A string is numeric if all characters in the string are numeric and there is at least one character in the string.

isprintable()

Return True if the string is printable, False otherwise.

A string is printable if all of its characters are considered printable in repr() or if it is empty.

isspace()

Return True if the string is a whitespace string, False otherwise.

A string is whitespace if all characters in the string are whitespace and there is at least one character in the string.

istitle()

Return True if the string is a title-cased string, False otherwise.

In a title-cased string, upper- and title-case characters may only follow uncased characters and lowercase characters only cased ones.

isupper()

Return True if the string is an uppercase string, False otherwise.

A string is uppercase if all cased characters in the string are uppercase and there is at least one cased character in the string.

join()

Concatenate any number of strings.

The string whose method is called is inserted in between each given string. The result is returned as a new string.

Example: ‘.’.join([‘ab’, ‘pq’, ‘rs’]) -> ‘ab.pq.rs’

ljust()

Return a left-justified string of length width.

Padding is done using the specified fill character (default is a space).

lower()

Return a copy of the string converted to lowercase.

lstrip()

Return a copy of the string with leading whitespace removed.

If chars is given and not None, remove characters in chars instead.

partition()

Partition the string into three parts using the given separator.

This will search for the separator in the string. If the separator is found, returns a 3-tuple containing the part before the separator, the separator itself, and the part after it.

If the separator is not found, returns a 3-tuple containing the original string and two empty strings.

removeprefix()

Return a str with the given prefix string removed if present.

If the string starts with the prefix string, return string[len(prefix):]. Otherwise, return a copy of the original string.

removesuffix()

Return a str with the given suffix string removed if present.

If the string ends with the suffix string and that suffix is not empty, return string[:-len(suffix)]. Otherwise, return a copy of the original string.

replace()

Return a copy with all occurrences of substring old replaced by new.

count

Maximum number of occurrences to replace. -1 (the default value) means replace all occurrences.

If the optional argument count is given, only the first count occurrences are replaced.

rfind()

S.rfind(sub[, start[, end]]) -> int

Return the highest index in S where substring sub is found, such that sub is contained within S[start:end]. Optional arguments start and end are interpreted as in slice notation.

Return -1 on failure.

rindex()

S.rindex(sub[, start[, end]]) -> int

Return the highest index in S where substring sub is found, such that sub is contained within S[start:end]. Optional arguments start and end are interpreted as in slice notation.

Raises ValueError when the substring is not found.

rjust()

Return a right-justified string of length width.

Padding is done using the specified fill character (default is a space).

rpartition()

Partition the string into three parts using the given separator.

This will search for the separator in the string, starting at the end. If the separator is found, returns a 3-tuple containing the part before the separator, the separator itself, and the part after it.

If the separator is not found, returns a 3-tuple containing two empty strings and the original string.

rsplit()

Return a list of the substrings in the string, using sep as the separator string.

sep

The separator used to split the string.

When set to None (the default value), will split on any whitespace character (including n r t f and spaces) and will discard empty strings from the result.

maxsplit

Maximum number of splits (starting from the left). -1 (the default value) means no limit.

Splitting starts at the end of the string and works to the front.

rstrip()

Return a copy of the string with trailing whitespace removed.

If chars is given and not None, remove characters in chars instead.

split()

Return a list of the substrings in the string, using sep as the separator string.

sep

The separator used to split the string.

When set to None (the default value), will split on any whitespace character (including n r t f and spaces) and will discard empty strings from the result.

maxsplit

Maximum number of splits (starting from the left). -1 (the default value) means no limit.

Note, str.split() is mainly useful for data that has been intentionally delimited. With natural text that includes punctuation, consider using the regular expression module.

splitlines()

Return a list of the lines in the string, breaking at line boundaries.

Line breaks are not included in the resulting list unless keepends is given and true.

startswith()

S.startswith(prefix[, start[, end]]) -> bool

Return True if S starts with the specified prefix, False otherwise. With optional start, test S beginning at that position. With optional end, stop comparing S at that position. prefix can also be a tuple of strings to try.

strip()

Return a copy of the string with leading and trailing whitespace removed.

If chars is given and not None, remove characters in chars instead.

swapcase()

Convert uppercase characters to lowercase and lowercase characters to uppercase.

title()

Return a version of the string where each word is titlecased.

More specifically, words start with uppercased characters and all remaining cased characters have lower case.

translate()

Replace each character in the string using the given translation table.

table

Translation table, which must be a mapping of Unicode ordinals to Unicode ordinals, strings, or None.

The table must implement lookup/indexing via __getitem__, for instance a dictionary or list. If this operation raises LookupError, the character is left untouched. Characters mapped to None are deleted.

upper()

Return a copy of the string converted to uppercase.

zfill()

Pad a numeric string with zeros on the left, to fill a field of the given width.

The string is never truncated.

name()

The name of the Enum member.

value()

The value of the Enum member.

class cyclonedx.model.DataClassification(*, flow: DataFlow, classification: str)

This is our internal representation of the dataClassificationType complex type within the CycloneDX standard.

DataClassification might be deprecated since CycloneDX 1.5, but it is not deprecated in this library. In fact, this library will try to provide a compatibility layer if needed.

Note

See the CycloneDX Schema for dataClassificationType: https://cyclonedx.org/docs/1.4/xml/#type_dataClassificationType

property flow: DataFlow

Specifies the flow direction of the data.

Valid values are: inbound, outbound, bi-directional, and unknown.

Direction is relative to the service.

• Inbound flow states that data enters the service

• Outbound flow states that data leaves the service

• Bi-directional states that data flows both ways

• Unknown states that the direction is not known

Returns:

DataFlow

property classification: str

Data classification tags data according to its type, sensitivity, and value if altered, stolen, or destroyed.

Returns:

str

class cyclonedx.model.Encoding

Bases: str, enum.Enum

This is our internal representation of the encoding simple type within the CycloneDX standard.

Note

See the CycloneDX Schema: https://cyclonedx.org/docs/1.4/#type_encoding

BASE_64 = 'base64'

capitalize()

Return a capitalized version of the string.

More specifically, make the first character have upper case and the rest lower case.

casefold()

Return a version of the string suitable for caseless comparisons.

center()

Return a centered string of length width.

Padding is done using the specified fill character (default is a space).

count()

S.count(sub[, start[, end]]) -> int

Return the number of non-overlapping occurrences of substring sub in string S[start:end]. Optional arguments start and end are interpreted as in slice notation.

encode()

Encode the string using the codec registered for encoding.

encoding

The encoding in which to encode the string.

errors

The error handling scheme to use for encoding errors. The default is ‘strict’ meaning that encoding errors raise a UnicodeEncodeError. Other possible values are ‘ignore’, ‘replace’ and ‘xmlcharrefreplace’ as well as any other name registered with codecs.register_error that can handle UnicodeEncodeErrors.

endswith()

S.endswith(suffix[, start[, end]]) -> bool

Return True if S ends with the specified suffix, False otherwise. With optional start, test S beginning at that position. With optional end, stop comparing S at that position. suffix can also be a tuple of strings to try.

expandtabs()

Return a copy where all tab characters are expanded using spaces.

If tabsize is not given, a tab size of 8 characters is assumed.

find()

S.find(sub[, start[, end]]) -> int

Return the lowest index in S where substring sub is found, such that sub is contained within S[start:end]. Optional arguments start and end are interpreted as in slice notation.

Return -1 on failure.

format()

S.format(*args, **kwargs) -> str

Return a formatted version of S, using substitutions from args and kwargs. The substitutions are identified by braces (‘{’ and ‘}’).

format_map()

S.format_map(mapping) -> str

Return a formatted version of S, using substitutions from mapping. The substitutions are identified by braces (‘{’ and ‘}’).

index()

S.index(sub[, start[, end]]) -> int

Return the lowest index in S where substring sub is found, such that sub is contained within S[start:end]. Optional arguments start and end are interpreted as in slice notation.

Raises ValueError when the substring is not found.

isalnum()

Return True if the string is an alpha-numeric string, False otherwise.

A string is alpha-numeric if all characters in the string are alpha-numeric and there is at least one character in the string.

isalpha()

Return True if the string is an alphabetic string, False otherwise.

A string is alphabetic if all characters in the string are alphabetic and there is at least one character in the string.

isascii()

Return True if all characters in the string are ASCII, False otherwise.

ASCII characters have code points in the range U+0000-U+007F. Empty string is ASCII too.

isdecimal()

Return True if the string is a decimal string, False otherwise.

A string is a decimal string if all characters in the string are decimal and there is at least one character in the string.

isdigit()

Return True if the string is a digit string, False otherwise.

A string is a digit string if all characters in the string are digits and there is at least one character in the string.

isidentifier()

Return True if the string is a valid Python identifier, False otherwise.

Call keyword.iskeyword(s) to test whether string s is a reserved identifier, such as “def” or “class”.

islower()

Return True if the string is a lowercase string, False otherwise.

A string is lowercase if all cased characters in the string are lowercase and there is at least one cased character in the string.

isnumeric()

Return True if the string is a numeric string, False otherwise.

A string is numeric if all characters in the string are numeric and there is at least one character in the string.

isprintable()

Return True if the string is printable, False otherwise.

A string is printable if all of its characters are considered printable in repr() or if it is empty.

isspace()

Return True if the string is a whitespace string, False otherwise.

A string is whitespace if all characters in the string are whitespace and there is at least one character in the string.

istitle()

Return True if the string is a title-cased string, False otherwise.

In a title-cased string, upper- and title-case characters may only follow uncased characters and lowercase characters only cased ones.

isupper()

Return True if the string is an uppercase string, False otherwise.

A string is uppercase if all cased characters in the string are uppercase and there is at least one cased character in the string.

join()

Concatenate any number of strings.

The string whose method is called is inserted in between each given string. The result is returned as a new string.

Example: ‘.’.join([‘ab’, ‘pq’, ‘rs’]) -> ‘ab.pq.rs’

ljust()

Return a left-justified string of length width.

Padding is done using the specified fill character (default is a space).

lower()

Return a copy of the string converted to lowercase.

lstrip()

Return a copy of the string with leading whitespace removed.

If chars is given and not None, remove characters in chars instead.

partition()

Partition the string into three parts using the given separator.

This will search for the separator in the string. If the separator is found, returns a 3-tuple containing the part before the separator, the separator itself, and the part after it.

If the separator is not found, returns a 3-tuple containing the original string and two empty strings.

removeprefix()

Return a str with the given prefix string removed if present.

If the string starts with the prefix string, return string[len(prefix):]. Otherwise, return a copy of the original string.

removesuffix()

Return a str with the given suffix string removed if present.

If the string ends with the suffix string and that suffix is not empty, return string[:-len(suffix)]. Otherwise, return a copy of the original string.

replace()

Return a copy with all occurrences of substring old replaced by new.

count

Maximum number of occurrences to replace. -1 (the default value) means replace all occurrences.

If the optional argument count is given, only the first count occurrences are replaced.

rfind()

S.rfind(sub[, start[, end]]) -> int

Return the highest index in S where substring sub is found, such that sub is contained within S[start:end]. Optional arguments start and end are interpreted as in slice notation.

Return -1 on failure.

rindex()

S.rindex(sub[, start[, end]]) -> int

Return the highest index in S where substring sub is found, such that sub is contained within S[start:end]. Optional arguments start and end are interpreted as in slice notation.

Raises ValueError when the substring is not found.

rjust()

Return a right-justified string of length width.

Padding is done using the specified fill character (default is a space).

rpartition()

Partition the string into three parts using the given separator.

This will search for the separator in the string, starting at the end. If the separator is found, returns a 3-tuple containing the part before the separator, the separator itself, and the part after it.

If the separator is not found, returns a 3-tuple containing two empty strings and the original string.

rsplit()

Return a list of the substrings in the string, using sep as the separator string.

sep

The separator used to split the string.

When set to None (the default value), will split on any whitespace character (including n r t f and spaces) and will discard empty strings from the result.

maxsplit

Maximum number of splits (starting from the left). -1 (the default value) means no limit.

Splitting starts at the end of the string and works to the front.

rstrip()

Return a copy of the string with trailing whitespace removed.

If chars is given and not None, remove characters in chars instead.

split()

Return a list of the substrings in the string, using sep as the separator string.

sep

The separator used to split the string.

When set to None (the default value), will split on any whitespace character (including n r t f and spaces) and will discard empty strings from the result.

maxsplit

Maximum number of splits (starting from the left). -1 (the default value) means no limit.

Note, str.split() is mainly useful for data that has been intentionally delimited. With natural text that includes punctuation, consider using the regular expression module.

splitlines()

Return a list of the lines in the string, breaking at line boundaries.

Line breaks are not included in the resulting list unless keepends is given and true.

startswith()

S.startswith(prefix[, start[, end]]) -> bool

Return True if S starts with the specified prefix, False otherwise. With optional start, test S beginning at that position. With optional end, stop comparing S at that position. prefix can also be a tuple of strings to try.

strip()

Return a copy of the string with leading and trailing whitespace removed.

If chars is given and not None, remove characters in chars instead.

swapcase()

Convert uppercase characters to lowercase and lowercase characters to uppercase.

title()

Return a version of the string where each word is titlecased.

More specifically, words start with uppercased characters and all remaining cased characters have lower case.

translate()

Replace each character in the string using the given translation table.

table

Translation table, which must be a mapping of Unicode ordinals to Unicode ordinals, strings, or None.

The table must implement lookup/indexing via __getitem__, for instance a dictionary or list. If this operation raises LookupError, the character is left untouched. Characters mapped to None are deleted.

upper()

Return a copy of the string converted to uppercase.

zfill()

Pad a numeric string with zeros on the left, to fill a field of the given width.

The string is never truncated.

name()

The name of the Enum member.

value()

The value of the Enum member.

class cyclonedx.model.AttachedText(*, content: str, content_type: str = DEFAULT_CONTENT_TYPE, encoding: Encoding | None = None)

This is our internal representation of the attachedTextType complex type within the CycloneDX standard.

Note

See the CycloneDX Schema for hashType: https://cyclonedx.org/docs/1.3/#type_attachedTextType

property content_type: str

Specifies the content type of the text. Defaults to text/plain if not specified.

Returns:

str

property encoding: Encoding | None

Specifies the optional encoding the text is represented in.

Returns:

Encoding if set else None

property content: str

The attachment data.

Proactive controls such as input validation and sanitization should be employed to prevent misuse of attachment text.

Returns:

str

DEFAULT_CONTENT_TYPE = 'text/plain'

class cyclonedx.model.HashAlgorithm

Bases: str, enum.Enum

This is our internal representation of the hashAlg simple type within the CycloneDX standard.

Note

See the CycloneDX Schema: https://cyclonedx.org/docs/1.3/#type_hashAlg

BLAKE2B_256 = 'BLAKE2b-256'

BLAKE2B_384 = 'BLAKE2b-384'

BLAKE2B_512 = 'BLAKE2b-512'

BLAKE3 = 'BLAKE3'

MD5 = 'MD5'

SHA_1 = 'SHA-1'

SHA_256 = 'SHA-256'

SHA_384 = 'SHA-384'

SHA_512 = 'SHA-512'

SHA3_256 = 'SHA3-256'

SHA3_384 = 'SHA3-384'

SHA3_512 = 'SHA3-512'

capitalize()

Return a capitalized version of the string.

More specifically, make the first character have upper case and the rest lower case.

casefold()

Return a version of the string suitable for caseless comparisons.

center()

Return a centered string of length width.

Padding is done using the specified fill character (default is a space).

count()

S.count(sub[, start[, end]]) -> int

Return the number of non-overlapping occurrences of substring sub in string S[start:end]. Optional arguments start and end are interpreted as in slice notation.

encode()

Encode the string using the codec registered for encoding.

encoding

The encoding in which to encode the string.

errors

The error handling scheme to use for encoding errors. The default is ‘strict’ meaning that encoding errors raise a UnicodeEncodeError. Other possible values are ‘ignore’, ‘replace’ and ‘xmlcharrefreplace’ as well as any other name registered with codecs.register_error that can handle UnicodeEncodeErrors.

endswith()

S.endswith(suffix[, start[, end]]) -> bool

Return True if S ends with the specified suffix, False otherwise. With optional start, test S beginning at that position. With optional end, stop comparing S at that position. suffix can also be a tuple of strings to try.

expandtabs()

Return a copy where all tab characters are expanded using spaces.

If tabsize is not given, a tab size of 8 characters is assumed.

find()

S.find(sub[, start[, end]]) -> int

Return the lowest index in S where substring sub is found, such that sub is contained within S[start:end]. Optional arguments start and end are interpreted as in slice notation.

Return -1 on failure.

format()

S.format(*args, **kwargs) -> str

Return a formatted version of S, using substitutions from args and kwargs. The substitutions are identified by braces (‘{’ and ‘}’).

format_map()

S.format_map(mapping) -> str

Return a formatted version of S, using substitutions from mapping. The substitutions are identified by braces (‘{’ and ‘}’).

index()

S.index(sub[, start[, end]]) -> int

Return the lowest index in S where substring sub is found, such that sub is contained within S[start:end]. Optional arguments start and end are interpreted as in slice notation.

Raises ValueError when the substring is not found.

isalnum()

Return True if the string is an alpha-numeric string, False otherwise.

A string is alpha-numeric if all characters in the string are alpha-numeric and there is at least one character in the string.

isalpha()

Return True if the string is an alphabetic string, False otherwise.

A string is alphabetic if all characters in the string are alphabetic and there is at least one character in the string.

isascii()

Return True if all characters in the string are ASCII, False otherwise.

ASCII characters have code points in the range U+0000-U+007F. Empty string is ASCII too.

isdecimal()

Return True if the string is a decimal string, False otherwise.

A string is a decimal string if all characters in the string are decimal and there is at least one character in the string.

isdigit()

Return True if the string is a digit string, False otherwise.

A string is a digit string if all characters in the string are digits and there is at least one character in the string.

isidentifier()

Return True if the string is a valid Python identifier, False otherwise.

Call keyword.iskeyword(s) to test whether string s is a reserved identifier, such as “def” or “class”.

islower()

Return True if the string is a lowercase string, False otherwise.

A string is lowercase if all cased characters in the string are lowercase and there is at least one cased character in the string.

isnumeric()

Return True if the string is a numeric string, False otherwise.

A string is numeric if all characters in the string are numeric and there is at least one character in the string.

isprintable()

Return True if the string is printable, False otherwise.

A string is printable if all of its characters are considered printable in repr() or if it is empty.

isspace()

Return True if the string is a whitespace string, False otherwise.

A string is whitespace if all characters in the string are whitespace and there is at least one character in the string.

istitle()

Return True if the string is a title-cased string, False otherwise.

In a title-cased string, upper- and title-case characters may only follow uncased characters and lowercase characters only cased ones.

isupper()

Return True if the string is an uppercase string, False otherwise.

A string is uppercase if all cased characters in the string are uppercase and there is at least one cased character in the string.

join()

Concatenate any number of strings.

The string whose method is called is inserted in between each given string. The result is returned as a new string.

Example: ‘.’.join([‘ab’, ‘pq’, ‘rs’]) -> ‘ab.pq.rs’

ljust()

Return a left-justified string of length width.

Padding is done using the specified fill character (default is a space).

lower()

Return a copy of the string converted to lowercase.

lstrip()

Return a copy of the string with leading whitespace removed.

If chars is given and not None, remove characters in chars instead.

partition()

Partition the string into three parts using the given separator.

This will search for the separator in the string. If the separator is found, returns a 3-tuple containing the part before the separator, the separator itself, and the part after it.

If the separator is not found, returns a 3-tuple containing the original string and two empty strings.

removeprefix()

Return a str with the given prefix string removed if present.

If the string starts with the prefix string, return string[len(prefix):]. Otherwise, return a copy of the original string.

removesuffix()

Return a str with the given suffix string removed if present.

If the string ends with the suffix string and that suffix is not empty, return string[:-len(suffix)]. Otherwise, return a copy of the original string.

replace()

Return a copy with all occurrences of substring old replaced by new.

count

Maximum number of occurrences to replace. -1 (the default value) means replace all occurrences.

If the optional argument count is given, only the first count occurrences are replaced.

rfind()

S.rfind(sub[, start[, end]]) -> int

Return the highest index in S where substring sub is found, such that sub is contained within S[start:end]. Optional arguments start and end are interpreted as in slice notation.

Return -1 on failure.

rindex()

S.rindex(sub[, start[, end]]) -> int

Return the highest index in S where substring sub is found, such that sub is contained within S[start:end]. Optional arguments start and end are interpreted as in slice notation.

Raises ValueError when the substring is not found.

rjust()

Return a right-justified string of length width.

Padding is done using the specified fill character (default is a space).

rpartition()

Partition the string into three parts using the given separator.

This will search for the separator in the string, starting at the end. If the separator is found, returns a 3-tuple containing the part before the separator, the separator itself, and the part after it.

If the separator is not found, returns a 3-tuple containing two empty strings and the original string.

rsplit()

Return a list of the substrings in the string, using sep as the separator string.

sep

The separator used to split the string.

When set to None (the default value), will split on any whitespace character (including n r t f and spaces) and will discard empty strings from the result.

maxsplit

Maximum number of splits (starting from the left). -1 (the default value) means no limit.

Splitting starts at the end of the string and works to the front.

rstrip()

Return a copy of the string with trailing whitespace removed.

If chars is given and not None, remove characters in chars instead.

split()

Return a list of the substrings in the string, using sep as the separator string.

sep

The separator used to split the string.

When set to None (the default value), will split on any whitespace character (including n r t f and spaces) and will discard empty strings from the result.

maxsplit

Maximum number of splits (starting from the left). -1 (the default value) means no limit.

Note, str.split() is mainly useful for data that has been intentionally delimited. With natural text that includes punctuation, consider using the regular expression module.

splitlines()

Return a list of the lines in the string, breaking at line boundaries.

Line breaks are not included in the resulting list unless keepends is given and true.

startswith()

S.startswith(prefix[, start[, end]]) -> bool

Return True if S starts with the specified prefix, False otherwise. With optional start, test S beginning at that position. With optional end, stop comparing S at that position. prefix can also be a tuple of strings to try.

strip()

Return a copy of the string with leading and trailing whitespace removed.

If chars is given and not None, remove characters in chars instead.

swapcase()

Convert uppercase characters to lowercase and lowercase characters to uppercase.

title()

Return a version of the string where each word is titlecased.

More specifically, words start with uppercased characters and all remaining cased characters have lower case.

translate()

Replace each character in the string using the given translation table.

table

Translation table, which must be a mapping of Unicode ordinals to Unicode ordinals, strings, or None.

The table must implement lookup/indexing via __getitem__, for instance a dictionary or list. If this operation raises LookupError, the character is left untouched. Characters mapped to None are deleted.

upper()

Return a copy of the string converted to uppercase.

zfill()

Pad a numeric string with zeros on the left, to fill a field of the given width.

The string is never truncated.

name()

The name of the Enum member.

value()

The value of the Enum member.

class cyclonedx.model.HashType(*, alg: HashAlgorithm, content: str)

This is our internal representation of the hashType complex type within the CycloneDX standard.

Note

See the CycloneDX Schema for hashType: https://cyclonedx.org/docs/1.3/#type_hashType

property alg: HashAlgorithm

Specifies the algorithm used to create the hash.

Returns:

HashAlgorithm

property content: str

Hash value content.

Returns:

str

static from_hashlib_alg(hashlib_alg: str, content: str) → HashType

Attempts to convert a hashlib-algorithm to our internal model classes.

Args:

hashlib_alg:

Hash algorith - like it is used by hashlib. Example: sha256.

content:

Hash value.

Raises:

UnknownHashTypeException if the algorithm of hash cannot be determined.

Returns:

An instance of HashType.

static from_composite_str(composite_hash: str) → HashType

Attempts to convert a string which includes both the Hash Algorithm and Hash Value and represent using our internal model classes.

Args:

composite_hash:

Composite Hash string of the format HASH_ALGORITHM:HASH_VALUE. Example: sha256:806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b.

Raises:

UnknownHashTypeException if the type of hash cannot be determined.

Returns:

An instance of HashType.

class cyclonedx.model.ExternalReferenceType

Bases: str, enum.Enum

Enum object that defines the permissible ‘types’ for an External Reference according to the CycloneDX schema.

Note

See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.3/#type_externalReferenceType

ADVERSARY_MODEL = 'adversary-model'

ADVISORIES = 'advisories'

ATTESTATION = 'attestation'

BOM = 'bom'

BUILD_META = 'build-meta'

BUILD_SYSTEM = 'build-system'

CERTIFICATION_REPORT = 'certification-report'

CHAT = 'chat'

CODIFIED_INFRASTRUCTURE = 'codified-infrastructure'

COMPONENT_ANALYSIS_REPORT = 'component-analysis-report'

CONFIGURATION = 'configuration'

DIGITAL_SIGNATURE = 'digital-signature'

DISTRIBUTION = 'distribution'

DISTRIBUTION_INTAKE = 'distribution-intake'

DOCUMENTATION = 'documentation'

DYNAMIC_ANALYSIS_REPORT = 'dynamic-analysis-report'

ELECTRONIC_SIGNATURE = 'electronic-signature'

EVIDENCE = 'evidence'

EXPLOITABILITY_STATEMENT = 'exploitability-statement'

FORMULATION = 'formulation'

ISSUE_TRACKER = 'issue-tracker'

LICENSE = 'license'

LOG = 'log'

MAILING_LIST = 'mailing-list'

MATURITY_REPORT = 'maturity-report'

MODEL_CARD = 'model-card'

PENTEST_REPORT = 'pentest-report'

POAM = 'poam'

QUALITY_METRICS = 'quality-metrics'

RELEASE_NOTES = 'release-notes'

RFC_9166 = 'rfc-9116'

RISK_ASSESSMENT = 'risk-assessment'

RUNTIME_ANALYSIS_REPORT = 'runtime-analysis-report'

SECURITY_CONTACT = 'security-contact'

STATIC_ANALYSIS_REPORT = 'static-analysis-report'

SOCIAL = 'social'

SOURCE_DISTRIBUTION = 'source-distribution'

SCM = 'vcs'

SUPPORT = 'support'

THREAT_MODEL = 'threat-model'

VCS = 'vcs'

VULNERABILITY_ASSERTION = 'vulnerability-assertion'

WEBSITE = 'website'

OTHER = 'other'

capitalize()

Return a capitalized version of the string.

More specifically, make the first character have upper case and the rest lower case.

casefold()

Return a version of the string suitable for caseless comparisons.

center()

Return a centered string of length width.

Padding is done using the specified fill character (default is a space).

count()

S.count(sub[, start[, end]]) -> int

Return the number of non-overlapping occurrences of substring sub in string S[start:end]. Optional arguments start and end are interpreted as in slice notation.

encode()

Encode the string using the codec registered for encoding.

encoding

The encoding in which to encode the string.

errors

The error handling scheme to use for encoding errors. The default is ‘strict’ meaning that encoding errors raise a UnicodeEncodeError. Other possible values are ‘ignore’, ‘replace’ and ‘xmlcharrefreplace’ as well as any other name registered with codecs.register_error that can handle UnicodeEncodeErrors.

endswith()

S.endswith(suffix[, start[, end]]) -> bool

Return True if S ends with the specified suffix, False otherwise. With optional start, test S beginning at that position. With optional end, stop comparing S at that position. suffix can also be a tuple of strings to try.

expandtabs()

Return a copy where all tab characters are expanded using spaces.

If tabsize is not given, a tab size of 8 characters is assumed.

find()

S.find(sub[, start[, end]]) -> int

Return the lowest index in S where substring sub is found, such that sub is contained within S[start:end]. Optional arguments start and end are interpreted as in slice notation.

Return -1 on failure.

format()

S.format(*args, **kwargs) -> str

Return a formatted version of S, using substitutions from args and kwargs. The substitutions are identified by braces (‘{’ and ‘}’).

format_map()

S.format_map(mapping) -> str

Return a formatted version of S, using substitutions from mapping. The substitutions are identified by braces (‘{’ and ‘}’).

index()

S.index(sub[, start[, end]]) -> int

Return the lowest index in S where substring sub is found, such that sub is contained within S[start:end]. Optional arguments start and end are interpreted as in slice notation.

Raises ValueError when the substring is not found.

isalnum()

Return True if the string is an alpha-numeric string, False otherwise.

A string is alpha-numeric if all characters in the string are alpha-numeric and there is at least one character in the string.

isalpha()

Return True if the string is an alphabetic string, False otherwise.

A string is alphabetic if all characters in the string are alphabetic and there is at least one character in the string.

isascii()

Return True if all characters in the string are ASCII, False otherwise.

ASCII characters have code points in the range U+0000-U+007F. Empty string is ASCII too.

isdecimal()

Return True if the string is a decimal string, False otherwise.

A string is a decimal string if all characters in the string are decimal and there is at least one character in the string.

isdigit()

Return True if the string is a digit string, False otherwise.

A string is a digit string if all characters in the string are digits and there is at least one character in the string.

isidentifier()

Return True if the string is a valid Python identifier, False otherwise.

Call keyword.iskeyword(s) to test whether string s is a reserved identifier, such as “def” or “class”.

islower()

Return True if the string is a lowercase string, False otherwise.

A string is lowercase if all cased characters in the string are lowercase and there is at least one cased character in the string.

isnumeric()

Return True if the string is a numeric string, False otherwise.

A string is numeric if all characters in the string are numeric and there is at least one character in the string.

isprintable()

Return True if the string is printable, False otherwise.

A string is printable if all of its characters are considered printable in repr() or if it is empty.

isspace()

Return True if the string is a whitespace string, False otherwise.

A string is whitespace if all characters in the string are whitespace and there is at least one character in the string.

istitle()

Return True if the string is a title-cased string, False otherwise.

In a title-cased string, upper- and title-case characters may only follow uncased characters and lowercase characters only cased ones.

isupper()

Return True if the string is an uppercase string, False otherwise.

A string is uppercase if all cased characters in the string are uppercase and there is at least one cased character in the string.

join()

Concatenate any number of strings.

The string whose method is called is inserted in between each given string. The result is returned as a new string.

Example: ‘.’.join([‘ab’, ‘pq’, ‘rs’]) -> ‘ab.pq.rs’

ljust()

Return a left-justified string of length width.

Padding is done using the specified fill character (default is a space).

lower()

Return a copy of the string converted to lowercase.

lstrip()

Return a copy of the string with leading whitespace removed.

If chars is given and not None, remove characters in chars instead.

partition()

Partition the string into three parts using the given separator.

This will search for the separator in the string. If the separator is found, returns a 3-tuple containing the part before the separator, the separator itself, and the part after it.

If the separator is not found, returns a 3-tuple containing the original string and two empty strings.

removeprefix()

Return a str with the given prefix string removed if present.

If the string starts with the prefix string, return string[len(prefix):]. Otherwise, return a copy of the original string.

removesuffix()

Return a str with the given suffix string removed if present.

If the string ends with the suffix string and that suffix is not empty, return string[:-len(suffix)]. Otherwise, return a copy of the original string.

replace()

Return a copy with all occurrences of substring old replaced by new.

count

Maximum number of occurrences to replace. -1 (the default value) means replace all occurrences.

If the optional argument count is given, only the first count occurrences are replaced.

rfind()

S.rfind(sub[, start[, end]]) -> int

Return the highest index in S where substring sub is found, such that sub is contained within S[start:end]. Optional arguments start and end are interpreted as in slice notation.

Return -1 on failure.

rindex()

S.rindex(sub[, start[, end]]) -> int

Return the highest index in S where substring sub is found, such that sub is contained within S[start:end]. Optional arguments start and end are interpreted as in slice notation.

Raises ValueError when the substring is not found.

rjust()

Return a right-justified string of length width.

Padding is done using the specified fill character (default is a space).

rpartition()

Partition the string into three parts using the given separator.

This will search for the separator in the string, starting at the end. If the separator is found, returns a 3-tuple containing the part before the separator, the separator itself, and the part after it.

If the separator is not found, returns a 3-tuple containing two empty strings and the original string.

rsplit()

Return a list of the substrings in the string, using sep as the separator string.

sep

The separator used to split the string.

When set to None (the default value), will split on any whitespace character (including n r t f and spaces) and will discard empty strings from the result.

maxsplit

Maximum number of splits (starting from the left). -1 (the default value) means no limit.

Splitting starts at the end of the string and works to the front.

rstrip()

Return a copy of the string with trailing whitespace removed.

If chars is given and not None, remove characters in chars instead.

split()

Return a list of the substrings in the string, using sep as the separator string.

sep

The separator used to split the string.

When set to None (the default value), will split on any whitespace character (including n r t f and spaces) and will discard empty strings from the result.

maxsplit

Maximum number of splits (starting from the left). -1 (the default value) means no limit.

Note, str.split() is mainly useful for data that has been intentionally delimited. With natural text that includes punctuation, consider using the regular expression module.

splitlines()

Return a list of the lines in the string, breaking at line boundaries.

Line breaks are not included in the resulting list unless keepends is given and true.

startswith()

S.startswith(prefix[, start[, end]]) -> bool

Return True if S starts with the specified prefix, False otherwise. With optional start, test S beginning at that position. With optional end, stop comparing S at that position. prefix can also be a tuple of strings to try.

strip()

Return a copy of the string with leading and trailing whitespace removed.

If chars is given and not None, remove characters in chars instead.

swapcase()

Convert uppercase characters to lowercase and lowercase characters to uppercase.

title()

Return a version of the string where each word is titlecased.

More specifically, words start with uppercased characters and all remaining cased characters have lower case.

translate()

Replace each character in the string using the given translation table.

table

Translation table, which must be a mapping of Unicode ordinals to Unicode ordinals, strings, or None.

The table must implement lookup/indexing via __getitem__, for instance a dictionary or list. If this operation raises LookupError, the character is left untouched. Characters mapped to None are deleted.

upper()

Return a copy of the string converted to uppercase.

zfill()

Pad a numeric string with zeros on the left, to fill a field of the given width.

The string is never truncated.

name()

The name of the Enum member.

value()

The value of the Enum member.

class cyclonedx.model.XsUri(uri: str)

Bases: serializable.helpers.BaseHelper

Helper class that allows us to perform validation on data strings that are defined as xs:anyURI in CycloneDX schema.

Developers can just use this via str(XsUri(‘https://www.google.com’)).

Note

See XSD definition for xsd:anyURI: http://www.datypic.com/sc/xsd/t-xsd_anyURI.html See JSON Schema definition for iri-reference: https://tools.ietf.org/html/rfc3987

property uri: str

classmethod serialize(o: Any) → str

classmethod deserialize(o: Any) → XsUri

class cyclonedx.model.ExternalReference(*, type: ExternalReferenceType, url: XsUri, comment: str | None = None, hashes: Iterable[HashType] | None = None)

This is our internal representation of an ExternalReference complex type that can be used in multiple places within a CycloneDX BOM document.

Note

See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.3/#type_externalReference

property url: XsUri

The URL to the external reference.

Returns:

XsUri

property comment: str | None

An optional comment describing the external reference.

Returns:

str if set else None

property type: ExternalReferenceType

Specifies the type of external reference.

There are built-in types to describe common references. If a type does not exist for the reference being referred to, use the “other” type.

Returns:

ExternalReferenceType

property hashes: SortedSet[HashType]

The hashes of the external reference (if applicable).

Returns:

Set of HashType

class cyclonedx.model.Property(*, name: str, value: str)

This is our internal representation of propertyType complex type that can be used in multiple places within a CycloneDX BOM document.

Note

See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.4/xml/#type_propertyType

Specifies an individual property with a name and value.

property name: str

The name of the property.

Duplicate names are allowed, each potentially having a different value.

Returns:

str

property value: str

Value of this Property.

Returns:

str

class cyclonedx.model.NoteText(*, content: str, content_type: str | None = None, encoding: Encoding | None = None)

This is our internal representation of the Note.text complex type that can be used in multiple places within a CycloneDX BOM document.

Note

See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.4/xml/#type_releaseNotesType

property content: str

Get the text content of this Note.

Returns:

str note content

property content_type: str | None

Get the content-type of this Note.

Defaults to ‘text/plain’ if one was not explicitly specified.

Returns:

str content-type

property encoding: Encoding | None

Get the encoding method used for the note’s content.

Returns:

Encoding if set else None

DEFAULT_CONTENT_TYPE: str = 'text/plain'

class cyclonedx.model.Note(*, text: NoteText, locale: str | None = None)

This is our internal representation of the Note complex type that can be used in multiple places within a CycloneDX BOM document.

Note

See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.4/xml/#type_releaseNotesType

@todo: Replace NoteText with AttachedText?

property text: NoteText

Specifies the full content of the release note.

Returns:

NoteText

property locale: str | None

Get the ISO locale of this Note.

The ISO-639 (or higher) language code and optional ISO-3166 (or higher) country code.

Examples include: “en”, “en-US”, “fr” and “fr-CA”.

Returns:

str locale if set else None

class cyclonedx.model.Tool(*, vendor: str | None = None, name: str | None = None, version: str | None = None, hashes: Iterable[HashType] | None = None, external_references: Iterable[ExternalReference] | None = None)

This is our internal representation of the toolType complex type within the CycloneDX standard.

Tool(s) are the things used in the creation of the CycloneDX document.

Tool might be deprecated since CycloneDX 1.5, but it is not deprecated in this library. In fact, this library will try to provide a compatibility layer if needed.

Note

See the CycloneDX Schema for toolType: https://cyclonedx.org/docs/1.3/#type_toolType

property vendor: str | None

The name of the vendor who created the tool.

Returns:

str if set else None

property name: str | None

The name of the tool.

Returns:

str if set else None

property version: str | None

The version of the tool.

Returns:

str if set else None

property hashes: SortedSet[HashType]

The hashes of the tool (if applicable).

Returns:

Set of HashType

property external_references: SortedSet[ExternalReference]

External References provides a way to document systems, sites, and information that may be relevant but which are not included with the BOM.

Returns:

Set of ExternalReference

class cyclonedx.model.IdentifiableAction(*, timestamp: datetime.datetime | None = None, name: str | None = None, email: str | None = None)

This is our internal representation of the identifiableActionType complex type.

Note

See the CycloneDX specification: https://cyclonedx.org/docs/1.4/xml/#type_identifiableActionType

property timestamp: datetime.datetime | None

The timestamp in which the action occurred.

Returns:

datetime if set else None

property name: str | None

The name of the individual who performed the action.

Returns:

str if set else None

property email: str | None

The email address of the individual who performed the action.

Returns:

str if set else None

class cyclonedx.model.Copyright(*, text: str)

This is our internal representation of the copyrightsType complex type.

Note

See the CycloneDX specification: https://cyclonedx.org/docs/1.4/xml/#type_copyrightsType

property text: str

Copyright statement.

Returns:

str if set else None

cyclonedx.model.ThisTool