cyclonedx.model
Uniform set of models to represent objects within a CycloneDX software bill-of-materials.
You can either create a cyclonedx.model.bom.Bom yourself programmatically, or generate a cyclonedx.model.bom.Bom from a cyclonedx.parser.BaseParser implementation.
Submodules
- cyclonedx.model.bom
- cyclonedx.model.bom_ref
- cyclonedx.model.component
- cyclonedx.model.component_evidence
- cyclonedx.model.contact
- cyclonedx.model.crypto
- cyclonedx.model.definition
- cyclonedx.model.dependency
- cyclonedx.model.impact_analysis
- cyclonedx.model.issue
- cyclonedx.model.license
- cyclonedx.model.lifecycle
- cyclonedx.model.release_note
- cyclonedx.model.service
- cyclonedx.model.tool
- cyclonedx.model.vulnerability
Attributes
- HASH_ALG_VERSIONS
- EXTREF_TYPE_VERSIONS
Classes
- DataFlow: This is our internal representation of the dataFlowType simple type within the CycloneDX standard.
- DataClassification: This is our internal representation of the dataClassificationType complex type within the CycloneDX standard.
- Encoding: This is our internal representation of the encoding simple type within the CycloneDX standard.
- AttachedText: This is our internal representation of the attachedTextType complex type within the CycloneDX standard.
- HashAlgorithm: This is our internal representation of the hashAlg simple type within the CycloneDX standard.
- HashType: This is our internal representation of the hashType complex type within the CycloneDX standard.
- ExternalReferenceType: Enum object that defines the permissible 'types' for an External Reference according to the CycloneDX schema.
- XsUri: Helper class that allows us to perform validation on data strings that are defined as xs:anyURI in CycloneDX schema.
- ExternalReference: This is our internal representation of an ExternalReference complex type that can be used in multiple places within a CycloneDX BOM document.
- Property: This is our internal representation of propertyType complex type that can be used in multiple places within a CycloneDX BOM document.
- NoteText: This is our internal representation of the Note.text complex type that can be used in multiple places within a CycloneDX BOM document.
- Note: This is our internal representation of the Note complex type that can be used in multiple places within a CycloneDX BOM document.
- IdentifiableAction: This is our internal representation of the identifiableActionType complex type.
- Copyright: This is our internal representation of the copyrightsType complex type.
Functions
- is_hash_alg_supported(): Check if a hash algorithm is supported in a schema version.
- get_extref_type_for_version(): Get the appropriate external reference type for a schema version.
Package Contents
- class cyclonedx.model.DataFlow
Bases: str, enum.Enum
This is our internal representation of the dataFlowType simple type within the CycloneDX standard.
Note
See the CycloneDX Schema: https://cyclonedx.org/docs/1.7/xml/#type_dataFlowType
- INBOUND = 'inbound'
- OUTBOUND = 'outbound'
- BI_DIRECTIONAL = 'bi-directional'
- UNKNOWN = 'unknown'
- class cyclonedx.model.DataClassification
This is our internal representation of the dataClassificationType complex type within the CycloneDX standard.
DataClassification might be deprecated since CycloneDX 1.5, but it is not deprecated in this library. In fact, this library will try to provide a compatibility layer if needed.
Note
See the CycloneDX Schema for dataClassificationType: https://cyclonedx.org/docs/1.7/xml/#type_dataClassificationType
- classification: str
- class cyclonedx.model.Encoding
Bases: str, enum.Enum
This is our internal representation of the encoding simple type within the CycloneDX standard.
Note
See the CycloneDX Schema: https://cyclonedx.org/docs/1.7/xml/#type_encoding
- BASE_64 = 'base64'
- class cyclonedx.model.AttachedText
This is our internal representation of the attachedTextType complex type within the CycloneDX standard.
Note
See the CycloneDX Schema for attachedTextType: https://cyclonedx.org/docs/1.7/xml/#type_attachedTextType
- DEFAULT_CONTENT_TYPE = 'text/plain'
- content: str
- content_type: str
- class cyclonedx.model.HashAlgorithm
Bases: str, enum.Enum
This is our internal representation of the hashAlg simple type within the CycloneDX standard.
Note
See the CycloneDX Schema: https://cyclonedx.org/docs/1.7/xml/#type_hashAlg
- BLAKE2B_256 = 'BLAKE2b-256'
- BLAKE2B_384 = 'BLAKE2b-384'
- BLAKE2B_512 = 'BLAKE2b-512'
- BLAKE3 = 'BLAKE3'
- MD5 = 'MD5'
- SHA_1 = 'SHA-1'
- SHA_256 = 'SHA-256'
- SHA_384 = 'SHA-384'
- SHA_512 = 'SHA-512'
- SHA3_256 = 'SHA3-256'
- SHA3_384 = 'SHA3-384'
- SHA3_512 = 'SHA3-512'
- STREEBOG_256 = 'Streebog-256'
- STREEBOG_512 = 'Streebog-512'
- cyclonedx.model.HASH_ALG_VERSIONS: dict[HashAlgorithm, set[cyclonedx.schema.SchemaVersion]]
- cyclonedx.model.is_hash_alg_supported(alg: HashAlgorithm, version: cyclonedx.schema.SchemaVersion) -> bool
Check if a hash algorithm is supported in a schema version.
- class cyclonedx.model.HashType
This is our internal representation of the hashType complex type within the CycloneDX standard.
Note
See the CycloneDX Schema for hashType: https://cyclonedx.org/docs/1.7/xml/#type_hashType
- alg: HashAlgorithm
- content: str
- static from_hashlib_alg(hashlib_alg: str, content: str) -> HashType
Deprecated: alias of cyclonedx.contrib.hash.factories.HashTypeFactory.from_hashlib_alg().
Deprecated since version next: Use cyclonedx.contrib.hash.factories.HashTypeFactory().from_hashlib_alg() instead.
- static from_composite_str(composite_hash: str) -> HashType
Deprecated: alias of cyclonedx.contrib.hash.factories.HashTypeFactory.from_composite_str().
Deprecated since version next: Use cyclonedx.contrib.hash.factories.HashTypeFactory().from_composite_str() instead.
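Added example, not part of this library or its documentation: a standard-library check that audits the `hashes` entries (the `alg` and `content` fields of hashType) of components in a CycloneDX JSON BOM, flagging components with no hashes, with only MD5/SHA-1, or with a digest that does not match the artifact. The function names, finding labels, the hashlib mapping and the sample BOM are assumptions made for this example.

```python
import hashlib
import hmac

# CycloneDX hashAlg value -> hashlib name. Assumed stdlib-only mapping for this
# example; BLAKE2b/BLAKE3/Streebog values are left out and reported as unverifiable.
HASHLIB_NAMES = {
    "MD5": "md5", "SHA-1": "sha1",
    "SHA-256": "sha256", "SHA-384": "sha384", "SHA-512": "sha512",
    "SHA3-256": "sha3_256", "SHA3-384": "sha3_384", "SHA3-512": "sha3_512",
}
WEAK = {"MD5", "SHA-1"}  # collision-broken: not acceptable as the only integrity evidence


def audit_component(component: dict, artifact: bytes) -> list[str]:
    """Return policy findings for one entry of a CycloneDX JSON `components` array."""
    hashes = component.get("hashes") or []
    if not hashes:
        return ["no-hashes"]
    findings = []
    if {h["alg"] for h in hashes} <= WEAK:
        findings.append("weak-only")
    for h in hashes:
        name = HASHLIB_NAMES.get(h["alg"])
        if name is None:
            findings.append(f"unverifiable:{h['alg']}")
            continue
        digest = hashlib.new(name, artifact).hexdigest()
        # Hex digests are compared case-insensitively and in constant time.
        if not hmac.compare_digest(digest, h["content"].lower()):
            findings.append(f"mismatch:{h['alg']}")
    return findings


def audit_bom(bom: dict, artifacts: dict[str, bytes]) -> dict[str, list[str]]:
    """Audit every component; `artifacts` maps component name to its bytes."""
    return {c["name"]: audit_component(c, artifacts[c["name"]]) for c in bom.get("components", [])}


# Constructed sample: one artifact, four components describing it differently.
BLOB = b"constructed artifact bytes\n"
SAMPLE_BOM = {
    "bomFormat": "CycloneDX", "specVersion": "1.7",
    "components": [
        {"name": "good", "hashes": [{"alg": "SHA-256", "content": hashlib.sha256(BLOB).hexdigest()}]},
        {"name": "legacy", "hashes": [{"alg": "SHA-1", "content": hashlib.sha1(BLOB).hexdigest()}]},
        {"name": "tampered", "hashes": [{"alg": "SHA-512", "content": "00" * 64}]},
        {"name": "bare"},
    ],
}
RESULT = audit_bom(SAMPLE_BOM, {c["name"]: BLOB for c in SAMPLE_BOM["components"]})
```
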
- class cyclonedx.model.ExternalReferenceType
Bases: str, enum.Enum
Enum object that defines the permissible ‘types’ for an External Reference according to the CycloneDX schema.
Note
See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.7/xml/#type_externalReferenceType
- ADVERSARY_MODEL = 'adversary-model'
- ADVISORIES = 'advisories'
- ATTESTATION = 'attestation'
- BOM = 'bom'
- BUILD_META = 'build-meta'
- BUILD_SYSTEM = 'build-system'
- CERTIFICATION_REPORT = 'certification-report'
- CHAT = 'chat'
- CITATION = 'citation'
- CODIFIED_INFRASTRUCTURE = 'codified-infrastructure'
- COMPONENT_ANALYSIS_REPORT = 'component-analysis-report'
- CONFIGURATION = 'configuration'
- DIGITAL_SIGNATURE = 'digital-signature'
- DISTRIBUTION = 'distribution'
- DISTRIBUTION_INTAKE = 'distribution-intake'
- DOCUMENTATION = 'documentation'
- DYNAMIC_ANALYSIS_REPORT = 'dynamic-analysis-report'
- ELECTRONIC_SIGNATURE = 'electronic-signature'
- EVIDENCE = 'evidence'
- EXPLOITABILITY_STATEMENT = 'exploitability-statement'
- FORMULATION = 'formulation'
- ISSUE_TRACKER = 'issue-tracker'
- LICENSE = 'license'
- LOG = 'log'
- MAILING_LIST = 'mailing-list'
- MATURITY_REPORT = 'maturity-report'
- MODEL_CARD = 'model-card'
- PATENT = 'patent'
- PATENT_ASSERTION = 'patent-assertion'
- PATENT_FAMILY = 'patent-family'
- PENTEST_REPORT = 'pentest-report'
- POAM = 'poam'
- QUALITY_METRICS = 'quality-metrics'
- RELEASE_NOTES = 'release-notes'
- RFC_9166 = 'rfc-9116'
- RISK_ASSESSMENT = 'risk-assessment'
- RUNTIME_ANALYSIS_REPORT = 'runtime-analysis-report'
- SECURITY_CONTACT = 'security-contact'
- STATIC_ANALYSIS_REPORT = 'static-analysis-report'
- SOCIAL = 'social'
- SOURCE_DISTRIBUTION = 'source-distribution'
- SCM = 'vcs'
- SUPPORT = 'support'
- THREAT_MODEL = 'threat-model'
- VCS = 'vcs'
- VULNERABILITY_ASSERTION = 'vulnerability-assertion'
- WEBSITE = 'website'
- OTHER = 'other'
- cyclonedx.model.EXTREF_TYPE_VERSIONS: dict[ExternalReferenceType, set[cyclonedx.schema.SchemaVersion]]
- cyclonedx.model.get_extref_type_for_version(extref_type: ExternalReferenceType, version: cyclonedx.schema.SchemaVersion) -> ExternalReferenceType
Get the appropriate external reference type for a schema version.
Returns OTHER if the type is not supported in the given version.
- class cyclonedx.model.XsUri(uri: str)
Helper class that allows us to perform validation on data strings that are defined as xs:anyURI in CycloneDX schema.
Developers can just use this via str(XsUri('https://www.google.com')).
Note
See XSD definition for xsd:anyURI: http://www.datypic.com/sc/xsd/t-xsd_anyURI.html
See JSON Schema definition for iri-reference: https://tools.ietf.org/html/rfc3987
- property uri: str
- classmethod serialize(o: Any) -> str
- classmethod make_bom_link(serial_number: uuid.UUID | str, version: int = 1, bom_ref: str | bom_ref.BomRef | None = None) -> XsUri
Generate a BOM-Link URI.
- is_bom_link() -> bool
Check if the URI is a BOM-Link.
- class cyclonedx.model.ExternalReference
This is our internal representation of an ExternalReference complex type that can be used in multiple places within a CycloneDX BOM document.
Note
See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.7/xml/#type_externalReference
- type: ExternalReferenceType
- comment: str | None
- class cyclonedx.model.Property
This is our internal representation of propertyType complex type that can be used in multiple places within a CycloneDX BOM document.
Note
See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.7/xml/#type_propertyType
Specifies an individual property with a name and value.
- name: str
- value: str | None
- class cyclonedx.model.NoteText
This is our internal representation of the Note.text complex type that can be used in multiple places within a CycloneDX BOM document.
Note
See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.7/xml/#type_releaseNotesType
- DEFAULT_CONTENT_TYPE: ClassVar[str] = 'text/plain'
- content: str
- content_type: str | None
- class cyclonedx.model.Note
This is our internal representation of the Note complex type that can be used in multiple places within a CycloneDX BOM document.
Note
See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.7/xml/#type_releaseNotesType
- locale: str | None
- class cyclonedx.model.IdentifiableAction
This is our internal representation of the identifiableActionType complex type.
Note
See the CycloneDX specification: https://cyclonedx.org/docs/1.7/xml/#type_identifiableActionType
- timestamp: datetime.datetime | None
- name: str | None
- email: str | None
- class cyclonedx.model.Copyright
This is our internal representation of the copyrightsType complex type.
Note
See the CycloneDX specification: https://cyclonedx.org/docs/1.7/xml/#type_copyrightsType
- text: str