cyclonedx.model.bom

Classes

BomMetaData

This is our internal representation of the metadata complex type within the CycloneDX standard.

Bom

This is our internal representation of a bill-of-materials (BOM).

Module Contents

class cyclonedx.model.bom.BomMetaData(*, tools: Iterable[cyclonedx.model.tool.Tool] | cyclonedx.model.tool.ToolRepository | None = None, authors: Iterable[cyclonedx.model.contact.OrganizationalContact] | None = None, component: cyclonedx.model.component.Component | None = None, supplier: cyclonedx.model.contact.OrganizationalEntity | None = None, licenses: Iterable[cyclonedx.model.license.License] | None = None, properties: Iterable[cyclonedx.model.Property] | None = None, timestamp: datetime.datetime | None = None, manufacturer: cyclonedx.model.contact.OrganizationalEntity | None = None, lifecycles: Iterable[cyclonedx.model.lifecycle.Lifecycle] | None = None, manufacture: cyclonedx.model.contact.OrganizationalEntity | None = None)

This is our internal representation of the metadata complex type within the CycloneDX standard.

Note

See the CycloneDX Schema for Bom metadata: https://cyclonedx.org/docs/1.6/#type_metadata

property timestamp: datetime.datetime

The date and time (in UTC) when this BomMetaData was created.

Returns:

datetime instance in UTC timezone

property tools: cyclonedx.model.tool.ToolRepository

Tools used to create this BOM.

Returns:

ToolRepository object.

property authors: SortedSet[OrganizationalContact]

The person(s) who created the BOM.

Authors are common in BOMs created through manual processes.

BOMs created through automated means may not have authors.

Returns:

Set of OrganizationalContact

property component: cyclonedx.model.component.Component | None

The (optional) component that the BOM describes.

Returns:

cyclonedx.model.component.Component instance for this Bom Metadata.

property supplier: cyclonedx.model.contact.OrganizationalEntity | None

The organization that supplied the component that the BOM describes.

The supplier may often be the manufacturer, but may also be a distributor or repackager.

Returns:

OrganizationalEntity if set else None

property licenses: cyclonedx.model.license.LicenseRepository

A optional list of statements about how this BOM is licensed.

Returns:

Set of LicenseChoice

property properties: SortedSet[Property]

Provides the ability to document properties in a key/value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions.

Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. Formal registration is OPTIONAL.

Return:

Set of Property

property manufacturer: cyclonedx.model.contact.OrganizationalEntity | None

The organization that created the BOM. Manufacturer is common in BOMs created through automated processes. BOMs created through manual means may have @.authors instead.

Returns:

OrganizationalEntity if set else None

property lifecycles: cyclonedx.model.lifecycle.LifecycleRepository

An optional list of BOM lifecycle stages.

Returns:

Set of Lifecycle

property manufacture: cyclonedx.model.contact.OrganizationalEntity | None

The organization that manufactured the component that the BOM describes.

Returns:

OrganizationalEntity if set else None

class cyclonedx.model.bom.Bom(*, components: Iterable[cyclonedx.model.component.Component] | None = None, services: Iterable[cyclonedx.model.service.Service] | None = None, external_references: Iterable[cyclonedx.model.ExternalReference] | None = None, serial_number: uuid.UUID | None = None, version: int = 1, metadata: BomMetaData | None = None, dependencies: Iterable[cyclonedx.model.dependency.Dependency] | None = None, vulnerabilities: Iterable[cyclonedx.model.vulnerability.Vulnerability] | None = None, properties: Iterable[cyclonedx.model.Property] | None = None, definitions: cyclonedx.model.definition.Definitions | None = None)

This is our internal representation of a bill-of-materials (BOM).

Once you have an instance of cyclonedx.model.bom.Bom, you can pass this to an instance of cyclonedx.output.BaseOutput to produce a CycloneDX document according to a specific schema version and format.

property serial_number: uuid.UUID

Unique UUID for this BOM

Returns:

UUID instance UUID instance

property version: int
property metadata: BomMetaData

Get our internal metadata object for this Bom.

Returns:

Metadata object instance for this Bom.

Note

See the CycloneDX Schema for Bom metadata: https://cyclonedx.org/docs/1.6/#type_metadata

property components: SortedSet[Component]

Get all the Components currently in this Bom.

Returns:

Set of Component in this Bom

property services: SortedSet[Service]

Get all the Services currently in this Bom.

Returns:

Set of Service in this BOM

property external_references: SortedSet[ExternalReference]

Provides the ability to document external references related to the BOM or to the project the BOM describes.

Returns:

Set of ExternalReference

property vulnerabilities: SortedSet[Vulnerability]

Get all the Vulnerabilities in this BOM.

Returns:

Set of Vulnerability

property dependencies: SortedSet[Dependency]
property properties: SortedSet[Property]

Provides the ability to document properties in a name/value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. Formal registration is OPTIONAL.

Return:

Set of Property

property definitions: cyclonedx.model.definition.Definitions | None

The repository for definitions

Returns:

Definitions

get_component_by_purl(purl: packageurl.PackageURL | None) cyclonedx.model.component.Component | None

Get a Component already in the Bom by its PURL

Args:
purl:

An instance of packageurl.PackageURL to look and find Component.

Returns:

Component or None

get_urn_uuid() str

Get the unique reference for this Bom.

Returns:

URN formatted UUID that uniquely identified this Bom instance.

has_component(component: cyclonedx.model.component.Component) bool

Check whether this Bom contains the provided Component.

Args:
component:

The instance of cyclonedx.model.component.Component to check if this Bom contains.

Returns:

bool - True if the supplied Component is part of this Bom, False otherwise.

get_vulnerabilities_for_bom_ref(bom_ref: cyclonedx.model.bom_ref.BomRef) SortedSet[Vulnerability]

Get all known Vulnerabilities that affect the supplied bom_ref.

Args:

bom_ref: BomRef

Returns:

SortedSet of Vulnerability

has_vulnerabilities() bool

Check whether this Bom has any declared vulnerabilities.

Returns:

bool - True if this Bom has at least one Vulnerability, False otherwise.

register_dependency(target: cyclonedx.model.dependency.Dependable, depends_on: Iterable[cyclonedx.model.dependency.Dependable] | None = None) None
urn() str
validate() bool

Perform data-model level validations to make sure we have some known data integrity prior to attempting output of this Bom

Returns:

bool