Upgrading to v8

Version 8 is not backwards compatible. Some behaviours and integrations changed. This document covers all breaking changes and should give guidance how to migrate from previous versions.

This document is not a full change log, but a migration path.

Add this library to Metadata Tools

This library no longer adds itself to the metadata.

Downstream users SHOULD add the following to their BOM build processes, to keep track of the used library.

from cyclonedx.builder.this import this_component as cdx_lib_component
from cyclonedx.model.bom import Bom

bom = Bom()
bom.metadata.tools.components.add(cdx_lib_component())

Import model Tool

Class cyclonedx.model.Tool was moved to cyclonedx.model.tool.Tool. Therefore, the imports need to be migrated.

Old: from cyclonedx.model import Tool

New: from cyclonedx.model.tool import Tool

Alter Metadata Tools

Property cyclonedx.model.bom.BomMetaData.tools is an instance of cyclonedx.model.tool.ToolRepository, now. Therefore, the process of adding new tools needs to be migrated.

Old: my_bom.metadata.tools.add(my_tool)

New: my_bom.metadata.tools.tools.add(my_tool)

Alter Vulnerability Tools

Property cyclonedx.model.vulnerability.Vulnerability.tools is an instance of cyclonedx.model.tool.ToolRepository, now. Therefore, the process of adding new tools needs to be migrated.

Old: my_vulnerability.tools.add(my_tool)

New: my_vulnerability.tools.tools.add(my_tool)

Set LicenseExpression Acknowledgement

cyclonedx.model.license.LicenseExpression() no longer accepts optional arguments in a positional way, but in a key-word way.

Old: LicenseExpression(my_exp, my_acknowledgement)

New: LicenseExpression(my_exp, acknowledgement=my_acknowledgement)