cyclonedx.model.bom
Classes
- TlpClassification: Enum object that defines the Traffic Light Protocol (TLP) classification that controls the sharing and distribution of the data that the BOM describes.
- DistributionConstraints: Our internal representation of the distributionConstraints complex type.
- BomMetaData: This is our internal representation of the metadata complex type within the CycloneDX standard.
- Bom: This is our internal representation of a bill-of-materials (BOM).
Module Contents
- class cyclonedx.model.bom.TlpClassification
Bases: str, enum.Enum
Enum object that defines the Traffic Light Protocol (TLP) classification that controls the sharing and distribution of the data that the BOM describes.
Note
Introduced in CycloneDX v1.7
Note
See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.7/xml/#type_tlpClassificationType
- CLEAR = 'CLEAR'
- GREEN = 'GREEN'
- AMBER = 'AMBER'
- AMBER_AND_STRICT = 'AMBER_AND_STRICT'
- RED = 'RED'
- class cyclonedx.model.bom.DistributionConstraints
Our internal representation of the distributionConstraints complex type. Conditions and constraints governing the sharing and distribution of the data or components described by this BOM.
Note
Introduced in CycloneDX v1.7
Note
See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.7/xml/#type_metadata
- tlp: TlpClassification
The Traffic Light Protocol (TLP) classification that controls the sharing and distribution of the data that the BOM describes.
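A release gate built on the TLP label described above, as an added example that is not part of the cyclonedx library or its documentation. It reads a serialized BOM with the standard library only; the JSON path `metadata.distributionConstraints.tlp`, the audience tier names and the fail-closed default are assumptions of this example, and the `Tlp` enum is a local mirror of the values listed for TlpClassification.

```python
import json
from enum import Enum


class Tlp(str, Enum):
    """Local mirror of the TlpClassification values listed above."""
    CLEAR = 'CLEAR'
    GREEN = 'GREEN'
    AMBER = 'AMBER'
    AMBER_AND_STRICT = 'AMBER_AND_STRICT'
    RED = 'RED'


# Hypothetical audience tiers, ordered widest to narrowest (an assumption).
AUDIENCES = ['public', 'community', 'org_and_clients', 'org_only', 'named_recipients']
# Widest audience each label permits, following TLP 2.0 semantics.
WIDEST_ALLOWED = {
    Tlp.CLEAR: 'public',
    Tlp.GREEN: 'community',
    Tlp.AMBER: 'org_and_clients',
    Tlp.AMBER_AND_STRICT: 'org_only',
    Tlp.RED: 'named_recipients',
}


def bom_tlp(bom_json: str, default: Tlp = Tlp.RED) -> Tlp:
    """Return the BOM's TLP label; fail closed to `default` when the label
    is missing, misspelled, or the document is malformed."""
    try:
        doc = json.loads(bom_json)
        return Tlp(doc['metadata']['distributionConstraints']['tlp'])
    except (KeyError, TypeError, ValueError):
        return default


def may_share(bom_json: str, audience: str) -> bool:
    """True if the BOM's TLP label permits sending it to `audience`."""
    limit = WIDEST_ALLOWED[bom_tlp(bom_json)]
    return AUDIENCES.index(audience) >= AUDIENCES.index(limit)


# Constructed sample documents (not real BOMs).
AMBER_BOM = json.dumps({'bomFormat': 'CycloneDX', 'specVersion': '1.7',
                        'metadata': {'distributionConstraints': {'tlp': 'AMBER'}}})
UNLABELLED_BOM = json.dumps({'bomFormat': 'CycloneDX', 'specVersion': '1.6', 'metadata': {}})

if __name__ == '__main__':
    for audience in AUDIENCES:
        print(audience, may_share(AMBER_BOM, audience), may_share(UNLABELLED_BOM, audience))
```

Treating an unlabelled BOM as RED is this example's policy choice, not behaviour of the library or the schema; pass a different `default` to `bom_tlp` if your pipeline handles unlabelled documents another way.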
- class cyclonedx.model.bom.BomMetaData
This is our internal representation of the metadata complex type within the CycloneDX standard.
Note
See the CycloneDX Schema for Bom metadata: https://cyclonedx.org/docs/1.7/xml/#type_metadata
- timestamp: datetime.datetime
The date and time (in UTC) when this BomMetaData was created.
- component: cyclonedx.model.component.Component | None
The (optional) component that the BOM describes.
- manufacturer: cyclonedx.model.contact.OrganizationalEntity | None
The organization that created the BOM.
- supplier: cyclonedx.model.contact.OrganizationalEntity | None
The organization that supplied the component that the BOM describes.
- distribution_constraints: DistributionConstraints | None
Conditions and constraints governing the sharing and distribution of the data.
- property lifecycles: cyclonedx.model.lifecycle.LifecycleRepository
An optional list of BOM lifecycle stages.
- property tools: cyclonedx.model.tool.ToolRepository
Tools used to create this BOM.
- property authors: SortedSet[OrganizationalContact]
The person(s) who created the BOM.
- property manufacture: cyclonedx.model.contact.OrganizationalEntity | None
The organization that manufactured the component that the BOM describes (deprecated).
- property licenses: cyclonedx.model.license.LicenseRepository
An optional list of statements about how this BOM is licensed.
- class cyclonedx.model.bom.Bom
This is our internal representation of a bill-of-materials (BOM).
Once you have an instance of cyclonedx.model.bom.Bom, you can pass this to an instance of cyclonedx.output.BaseOutput to produce a CycloneDX document according to a specific schema version and format.
- serial_number: uuid.UUID
Unique UUID for this BOM.
- version: int
The version of this BOM.
- metadata: BomMetaData
Metadata for this BOM.
- definitions: cyclonedx.model.definition.Definitions | None
Definitions for this BOM.
- property external_references: SortedSet[ExternalReference]
Provides the ability to document external references related to the BOM.
- property dependencies: SortedSet[Dependency]
Dependencies in this BOM.
- property vulnerabilities: SortedSet[Vulnerability]
Get all the Vulnerabilities in this BOM.
- get_component_by_purl(purl: packageurl.PackageURL | None) -> cyclonedx.model.component.Component | None
Get a Component already in the Bom by its PURL.
- Args:
- purl:
An instance of packageurl.PackageURL used to look up the Component.
- Returns:
Component or None
Deprecated since version next.
- get_urn_uuid() -> str
Get the unique reference for this Bom.
- Returns:
URN formatted UUID that uniquely identifies this Bom instance.
Deprecated since version next.
- has_component(component: cyclonedx.model.component.Component) -> bool
Check whether this Bom contains the provided Component.
- Args:
- component:
The instance of cyclonedx.model.component.Component to check if this Bom contains.
- Returns:
bool - True if the supplied Component is part of this Bom, False otherwise.
Deprecated since version next.
- get_vulnerabilities_for_bom_ref(bom_ref: cyclonedx.model.bom_ref.BomRef) -> SortedSet[Vulnerability]
Get all known Vulnerabilities that affect the supplied bom_ref.
- Args:
bom_ref: BomRef
- Returns:
SortedSet of Vulnerability
Deprecated since version next: Deprecated without any replacement.
- has_vulnerabilities() -> bool
Check whether this Bom has any declared vulnerabilities.
- Returns:
bool - True if this Bom has at least one Vulnerability, False otherwise.
Deprecated since version next: Deprecated without any replacement.
- register_dependency(target: cyclonedx.model.dependency.Dependable, depends_on: collections.abc.Iterable[cyclonedx.model.dependency.Dependable] | None = None) -> None
- urn() -> str
Deprecated since version next: Deprecated without any replacement.
- validate() -> bool
Perform data-model level validations to make sure we have some known data integrity prior to attempting output of this Bom.
- Returns:
bool
Deprecated since version next: Deprecated without any replacement.