cyclonedx.model.bom
Classes
This is our internal representation of the metadata complex type within the CycloneDX standard. |
|
This is our internal representation of a bill-of-materials (BOM). |
Module Contents
- class cyclonedx.model.bom.BomMetaData(*, tools: Iterable[cyclonedx.model.tool.Tool] | cyclonedx.model.tool.ToolRepository | None = None, authors: Iterable[cyclonedx.model.contact.OrganizationalContact] | None = None, component: cyclonedx.model.component.Component | None = None, supplier: cyclonedx.model.contact.OrganizationalEntity | None = None, licenses: Iterable[cyclonedx.model.license.License] | None = None, properties: Iterable[cyclonedx.model.Property] | None = None, timestamp: datetime.datetime | None = None, manufacturer: cyclonedx.model.contact.OrganizationalEntity | None = None, lifecycles: Iterable[cyclonedx.model.lifecycle.Lifecycle] | None = None, manufacture: cyclonedx.model.contact.OrganizationalEntity | None = None)
This is our internal representation of the metadata complex type within the CycloneDX standard.
Note
See the CycloneDX Schema for Bom metadata: https://cyclonedx.org/docs/1.6/#type_metadata
- property timestamp: datetime.datetime
The date and time (in UTC) when this BomMetaData was created.
- Returns:
datetime instance in UTC timezone
- property tools: cyclonedx.model.tool.ToolRepository
Tools used to create this BOM.
- Returns:
ToolRepository
object.
- property authors: SortedSet[OrganizationalContact]
The person(s) who created the BOM.
Authors are common in BOMs created through manual processes.
BOMs created through automated means may not have authors.
- Returns:
Set of OrganizationalContact
- property component: cyclonedx.model.component.Component | None
The (optional) component that the BOM describes.
- Returns:
cyclonedx.model.component.Component instance for this Bom Metadata.
- property supplier: cyclonedx.model.contact.OrganizationalEntity | None
The organization that supplied the component that the BOM describes.
The supplier may often be the manufacturer, but may also be a distributor or repackager.
- Returns:
OrganizationalEntity if set else None
- property licenses: cyclonedx.model.license.LicenseRepository
A optional list of statements about how this BOM is licensed.
- Returns:
Set of LicenseChoice
- property properties: SortedSet[Property]
Provides the ability to document properties in a key/value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions.
Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. Formal registration is OPTIONAL.
- Return:
Set of Property
- property manufacturer: cyclonedx.model.contact.OrganizationalEntity | None
The organization that created the BOM. Manufacturer is common in BOMs created through automated processes. BOMs created through manual means may have @.authors instead.
- Returns:
OrganizationalEntity if set else None
- property lifecycles: cyclonedx.model.lifecycle.LifecycleRepository
An optional list of BOM lifecycle stages.
- Returns:
Set of Lifecycle
- property manufacture: cyclonedx.model.contact.OrganizationalEntity | None
The organization that manufactured the component that the BOM describes.
- Returns:
OrganizationalEntity if set else None
- class cyclonedx.model.bom.Bom(*, components: Iterable[cyclonedx.model.component.Component] | None = None, services: Iterable[cyclonedx.model.service.Service] | None = None, external_references: Iterable[cyclonedx.model.ExternalReference] | None = None, serial_number: uuid.UUID | None = None, version: int = 1, metadata: BomMetaData | None = None, dependencies: Iterable[cyclonedx.model.dependency.Dependency] | None = None, vulnerabilities: Iterable[cyclonedx.model.vulnerability.Vulnerability] | None = None, properties: Iterable[cyclonedx.model.Property] | None = None, definitions: cyclonedx.model.definition.Definitions | None = None)
This is our internal representation of a bill-of-materials (BOM).
Once you have an instance of cyclonedx.model.bom.Bom, you can pass this to an instance of cyclonedx.output.BaseOutput to produce a CycloneDX document according to a specific schema version and format.
- property serial_number: uuid.UUID
Unique UUID for this BOM
- Returns:
UUID instance UUID instance
- property version: int
- property metadata: BomMetaData
Get our internal metadata object for this Bom.
- Returns:
Metadata object instance for this Bom.
Note
See the CycloneDX Schema for Bom metadata: https://cyclonedx.org/docs/1.6/#type_metadata
- property components: SortedSet[Component]
Get all the Components currently in this Bom.
- Returns:
Set of Component in this Bom
- property services: SortedSet[Service]
Get all the Services currently in this Bom.
- Returns:
Set of Service in this BOM
- property external_references: SortedSet[ExternalReference]
Provides the ability to document external references related to the BOM or to the project the BOM describes.
- Returns:
Set of ExternalReference
- property vulnerabilities: SortedSet[Vulnerability]
Get all the Vulnerabilities in this BOM.
- Returns:
Set of Vulnerability
- property dependencies: SortedSet[Dependency]
- property properties: SortedSet[Property]
Provides the ability to document properties in a name/value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Property names of interest to the general public are encouraged to be registered in the CycloneDX Property Taxonomy - https://github.com/CycloneDX/cyclonedx-property-taxonomy. Formal registration is OPTIONAL.
- Return:
Set of Property
- property definitions: cyclonedx.model.definition.Definitions | None
The repository for definitions
- Returns:
Definitions
- get_component_by_purl(purl: packageurl.PackageURL | None) cyclonedx.model.component.Component | None
Get a Component already in the Bom by its PURL
- Args:
- purl:
An instance of packageurl.PackageURL to look and find Component.
- Returns:
Component or None
- get_urn_uuid() str
Get the unique reference for this Bom.
- Returns:
URN formatted UUID that uniquely identified this Bom instance.
- has_component(component: cyclonedx.model.component.Component) bool
Check whether this Bom contains the provided Component.
- Args:
- component:
The instance of cyclonedx.model.component.Component to check if this Bom contains.
- Returns:
bool - True if the supplied Component is part of this Bom, False otherwise.
- get_vulnerabilities_for_bom_ref(bom_ref: cyclonedx.model.bom_ref.BomRef) SortedSet[Vulnerability]
Get all known Vulnerabilities that affect the supplied bom_ref.
- Args:
bom_ref: BomRef
- Returns:
SortedSet of Vulnerability
- has_vulnerabilities() bool
Check whether this Bom has any declared vulnerabilities.
- Returns:
bool - True if this Bom has at least one Vulnerability, False otherwise.
- register_dependency(target: cyclonedx.model.dependency.Dependable, depends_on: Iterable[cyclonedx.model.dependency.Dependable] | None = None) None
- urn() str
- validate() bool
Perform data-model level validations to make sure we have some known data integrity prior to attempting output of this Bom
- Returns:
bool