cyclonedx-python
cyclonedx-python copied to clipboard
CycloneDX
[FEATURE] Populate `bom.metadata.component`
As of 3.5.0, the SBOM resulting from running e.g. cyclonedx-bom --format json --output bom.json -e does not come with a metadata.component object.
Sure, one is able to modify the SBOM by hand. But to align the Python SBOM creator tool more with CycloneDX's own plugins for other languages/build tools - like Gradle or NPM -, it'd be neat if it came with the optional setting, along with a default value, for the project's/parent component's type.
tried to reproduce the described behaviour via
# clone this repo
# setup the project
poetry install
# generate the sbom of self
poetry run cyclonedx-bom --poetry --format json --output -
output: (beautified for readability on debugging)
{
"$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.4",
"serialNumber": "urn:uuid:4fd5a63a-311f-4490-9d97-3dd8faae8c5b",
"version": 1,
"metadata": {
"timestamp": "2022-07-20T18:33:52.605138+00:00",
"tools": [
{
"vendor": "CycloneDX",
"name": "cyclonedx-bom",
"version": "3.5.0"
},
{
"vendor": "CycloneDX",
"name": "cyclonedx-python-lib",
"version": "2.5.2",
"externalReferences": [
{
"url": "https://github.com/CycloneDX/cyclonedx-python-lib/actions",
"type": "build-system"
},
{
"url": "https://pypi.org/project/cyclonedx-python-lib/",
"type": "distribution"
},
{
"url": "https://cyclonedx.github.io/cyclonedx-python-lib/",
"type": "documentation"
},
{
"url": "https://github.com/CycloneDX/cyclonedx-python-lib/issues",
"type": "issue-tracker"
},
{
"url": "https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/LICENSE",
"type": "license"
},
{
"url": "https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/CHANGELOG.md",
"type": "release-notes"
},
{
"url": "https://github.com/CycloneDX/cyclonedx-python-lib",
"type": "vcs"
},
{
"url": "https://cyclonedx.org",
"type": "website"
}
]
}
]
},
"components": [
{
"type": "library",
"bom-ref": "221e9ebf-637f-42ea-92f9-4d377b718b04",
"name": "attrs",
"version": "21.4.0",
"purl": "pkg:pypi/[email protected]",
"externalReferences": [
{
"url": "https://pypi.org/project/attrs/21.4.0",
"comment": "Distribution file: attrs-21.4.0-py2.py3-none-any.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "2d27e3784d7a565d36ab851fe94887c5eccd6a463168875832a1be79c82828b4"
}
]
},
{
"url": "https://pypi.org/project/attrs/21.4.0",
"comment": "Distribution file: attrs-21.4.0.tar.gz",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "626ba8234211db98e869df76230a137c4c40a12d72445c45d5f5b716f076e2fd"
}
]
}
]
},
{
"type": "library",
"bom-ref": "9355a3bb-2789-4b11-95f2-e60d3756062d",
"name": "autopep8",
"version": "1.6.0",
"purl": "pkg:pypi/[email protected]",
"externalReferences": [
{
"url": "https://pypi.org/project/autopep8/1.6.0",
"comment": "Distribution file: autopep8-1.6.0-py2.py3-none-any.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "ed77137193bbac52d029a52c59bec1b0629b5a186c495f1eb21b126ac466083f"
}
]
},
{
"url": "https://pypi.org/project/autopep8/1.6.0",
"comment": "Distribution file: autopep8-1.6.0.tar.gz",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "44f0932855039d2c15c4510d6df665e4730f2b8582704fa48f9c55bd3e17d979"
}
]
}
]
},
{
"type": "library",
"bom-ref": "1d127a2c-e89d-4d9a-b2fc-0eff17325f4f",
"name": "colorama",
"version": "0.4.4",
"purl": "pkg:pypi/[email protected]",
"externalReferences": [
{
"url": "https://pypi.org/project/colorama/0.4.4",
"comment": "Distribution file: colorama-0.4.4-py2.py3-none-any.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "9f47eda37229f68eee03b24b9748937c7dc3868f906e8ba69fbcbdd3bc5dc3e2"
}
]
},
{
"url": "https://pypi.org/project/colorama/0.4.4",
"comment": "Distribution file: colorama-0.4.4.tar.gz",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "5941b2b48a20143d2267e95b1c2a7603ce057ee39fd88e7329b0c292aa16869b"
}
]
}
]
},
{
"type": "library",
"bom-ref": "85b55ad5-5988-4cbd-af48-9b5dff125742",
"name": "coverage",
"version": "6.2",
"purl": "pkg:pypi/[email protected]",
"externalReferences": [
{
"url": "https://pypi.org/project/coverage/6.2",
"comment": "Distribution file: coverage-6.2-cp310-cp310-macosx_10_9_x86_64.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "6dbc1536e105adda7a6312c778f15aaabe583b0e9a0b0a324990334fd458c94b"
}
]
},
{
"url": "https://pypi.org/project/coverage/6.2",
"comment": "Distribution file: coverage-6.2-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "174cf9b4bef0db2e8244f82059a5a72bd47e1d40e71c68ab055425172b16b7d0"
}
]
},
{
"url": "https://pypi.org/project/coverage/6.2",
"comment": "Distribution file: coverage-6.2-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_12_i686.manylinux2010_i686.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "92b8c845527eae547a2a6617d336adc56394050c3ed8a6918683646328fbb6da"
}
]
},
{
"url": "https://pypi.org/project/coverage/6.2",
"comment": "Distribution file: coverage-6.2-cp310-cp310-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "c7912d1526299cb04c88288e148c6c87c0df600eca76efd99d84396cfe00ef1d"
}
]
},
{
"url": "https://pypi.org/project/coverage/6.2",
"comment": "Distribution file: coverage-6.2-cp310-cp310-musllinux_1_1_aarch64.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "d5d2033d5db1d58ae2d62f095e1aefb6988af65b4b12cb8987af409587cc0739"
}
]
},
{
"url": "https://pypi.org/project/coverage/6.2",
"comment": "Distribution file: coverage-6.2-cp310-cp310-musllinux_1_1_i686.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "3feac4084291642165c3a0d9eaebedf19ffa505016c4d3db15bfe235718d4971"
}
]
},
{
"url": "https://pypi.org/project/coverage/6.2",
"comment": "Distribution file: coverage-6.2-cp310-cp310-musllinux_1_1_x86_64.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "276651978c94a8c5672ea60a2656e95a3cce2a3f31e9fb2d5ebd4c215d095840"
}
]
},
{
"url": "https://pypi.org/project/coverage/6.2",
"comment": "Distribution file: coverage-6.2-cp310-cp310-win32.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "f506af4f27def639ba45789fa6fde45f9a217da0be05f8910458e4557eed020c"
}
]
},
{
"url": "https://pypi.org/project/coverage/6.2",
"comment": "Distribution file: coverage-6.2-cp310-cp310-win_amd64.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "3f7c17209eef285c86f819ff04a6d4cbee9b33ef05cbcaae4c0b4e8e06b3ec8f"
}
]
},
{
"url": "https://pypi.org/project/coverage/6.2",
"comment": "Distribution file: coverage-6.2-cp311-cp311-macosx_10_14_x86_64.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "13362889b2d46e8d9f97c421539c97c963e34031ab0cb89e8ca83a10cc71ac76"
}
]
},
{
"url": "https://pypi.org/project/coverage/6.2",
"comment": "Distribution file: coverage-6.2-cp311-cp311-manylinux_2_5_x86_64.manylinux1_x86_64.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "22e60a3ca5acba37d1d4a2ee66e051f5b0e1b9ac950b5b0cf4aa5366eda41d47"
}
]
},
{
"url": "https://pypi.org/project/coverage/6.2",
"comment": "Distribution file: coverage-6.2-cp311-cp311-win_amd64.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "b637c57fdb8be84e91fac60d9325a66a5981f8086c954ea2772efe28425eaf64"
}
]
},
{
"url": "https://pypi.org/project/coverage/6.2",
"comment": "Distribution file: coverage-6.2-cp36-cp36m-macosx_10_9_x86_64.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "f467bbb837691ab5a8ca359199d3429a11a01e6dfb3d9dcc676dc035ca93c0a9"
}
]
},
{
"url": "https://pypi.org/project/coverage/6.2",
"comment": "Distribution file: coverage-6.2-cp36-cp36m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "2641f803ee9f95b1f387f3e8f3bf28d83d9b69a39e9911e5bfee832bea75240d"
}
]
},
{
"url": "https://pypi.org/project/coverage/6.2",
"comment": "Distribution file: coverage-6.2-cp36-cp36m-manylinux_2_5_i686.manylinux1_i686.manylinux_2_12_i686.manylinux2010_i686.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "1219d760ccfafc03c0822ae2e06e3b1248a8e6d1a70928966bafc6838d3c9e48"
}
]
},
{
"url": "https://pypi.org/project/coverage/6.2",
"comment": "Distribution file: coverage-6.2-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "9a2b5b52be0a8626fcbffd7e689781bf8c2ac01613e77feda93d96184949a98e"
}
]
},
{
"url": "https://pypi.org/project/coverage/6.2",
"comment": "Distribution file: coverage-6.2-cp36-cp36m-musllinux_1_1_aarch64.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "8e2c35a4c1f269704e90888e56f794e2d9c0262fb0c1b1c8c4ee44d9b9e77b5d"
}
]
},
{
"url": "https://pypi.org/project/coverage/6.2",
"comment": "Distribution file: coverage-6.2-cp36-cp36m-musllinux_1_1_i686.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "5d6b09c972ce9200264c35a1d53d43ca55ef61836d9ec60f0d44273a31aa9f17"
}
]
},
{
"url": "https://pypi.org/project/coverage/6.2",
"comment": "Distribution file: coverage-6.2-cp36-cp36m-musllinux_1_1_x86_64.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "e3db840a4dee542e37e09f30859f1612da90e1c5239a6a2498c473183a50e781"
}
]
},
{
"url": "https://pypi.org/project/coverage/6.2",
"comment": "Distribution file: coverage-6.2-cp36-cp36m-win32.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "4e547122ca2d244f7c090fe3f4b5a5861255ff66b7ab6d98f44a0222aaf8671a"
}
]
},
{
"url": "https://pypi.org/project/coverage/6.2",
"comment": "Distribution file: coverage-6.2-cp36-cp36m-win_amd64.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "01774a2c2c729619760320270e42cd9e797427ecfddd32c2a7b639cdc481f3c0"
}
]
},
{
"url": "https://pypi.org/project/coverage/6.2",
"comment": "Distribution file: coverage-6.2-cp37-cp37m-macosx_10_9_x86_64.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "fb8b8ee99b3fffe4fd86f4c81b35a6bf7e4462cba019997af2fe679365db0c49"
}
]
},
{
"url": "https://pypi.org/project/coverage/6.2",
"comment": "Distribution file: coverage-6.2-cp37-cp37m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "619346d57c7126ae49ac95b11b0dc8e36c1dd49d148477461bb66c8cf13bb521"
}
]
},
{
"url": "https://pypi.org/project/coverage/6.2",
"comment": "Distribution file: coverage-6.2-cp37-cp37m-manylinux_2_5_i686.manylinux1_i686.manylinux_2_12_i686.manylinux2010_i686.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "0a7726f74ff63f41e95ed3a89fef002916c828bb5fcae83b505b49d81a066884"
}
]
},
{
"url": "https://pypi.org/project/coverage/6.2",
"comment": "Distribution file: coverage-6.2-cp37-cp37m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "cfd9386c1d6f13b37e05a91a8583e802f8059bebfccde61a418c5808dea6bbfa"
}
]
},
{
"url": "https://pypi.org/project/coverage/6.2",
"comment": "Distribution file: coverage-6.2-cp37-cp37m-musllinux_1_1_aarch64.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "17e6c11038d4ed6e8af1407d9e89a2904d573be29d51515f14262d7f10ef0a64"
}
]
},
{
"url": "https://pypi.org/project/coverage/6.2",
"comment": "Distribution file: coverage-6.2-cp37-cp37m-musllinux_1_1_i686.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "c254b03032d5a06de049ce8bca8338a5185f07fb76600afff3c161e053d88617"
}
]
},
{
"url": "https://pypi.org/project/coverage/6.2",
"comment": "Distribution file: coverage-6.2-cp37-cp37m-musllinux_1_1_x86_64.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "dca38a21e4423f3edb821292e97cec7ad38086f84313462098568baedf4331f8"
}
]
},
{
"url": "https://pypi.org/project/coverage/6.2",
"comment": "Distribution file: coverage-6.2-cp37-cp37m-win32.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "600617008aa82032ddeace2535626d1bc212dfff32b43989539deda63b3f36e4"
}
]
},
{
"url": "https://pypi.org/project/coverage/6.2",
"comment": "Distribution file: coverage-6.2-cp37-cp37m-win_amd64.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "bf154ba7ee2fd613eb541c2bc03d3d9ac667080a737449d1a3fb342740eb1a74"
}
]
},
{
"url": "https://pypi.org/project/coverage/6.2",
"comment": "Distribution file: coverage-6.2-cp38-cp38-macosx_10_9_x86_64.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "f9afb5b746781fc2abce26193d1c817b7eb0e11459510fba65d2bd77fe161d9e"
}
]
},
{
"url": "https://pypi.org/project/coverage/6.2",
"comment": "Distribution file: coverage-6.2-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "edcada2e24ed68f019175c2b2af2a8b481d3d084798b8c20d15d34f5c733fa58"
}
]
},
{
"url": "https://pypi.org/project/coverage/6.2",
"comment": "Distribution file: coverage-6.2-cp38-cp38-manylinux_2_5_i686.manylinux1_i686.manylinux_2_12_i686.manylinux2010_i686.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "a9c8c4283e17690ff1a7427123ffb428ad6a52ed720d550e299e8291e33184dc"
}
]
},
{
"url": "https://pypi.org/project/coverage/6.2",
"comment": "Distribution file: coverage-6.2-cp38-cp38-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "f614fc9956d76d8a88a88bb41ddc12709caa755666f580af3a688899721efecd"
}
]
},
{
"url": "https://pypi.org/project/coverage/6.2",
"comment": "Distribution file: coverage-6.2-cp38-cp38-musllinux_1_1_aarch64.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "9365ed5cce5d0cf2c10afc6add145c5037d3148585b8ae0e77cc1efdd6aa2953"
}
]
},
{
"url": "https://pypi.org/project/coverage/6.2",
"comment": "Distribution file: coverage-6.2-cp38-cp38-musllinux_1_1_i686.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "8bdfe9ff3a4ea37d17f172ac0dff1e1c383aec17a636b9b35906babc9f0f5475"
}
]
},
{
"url": "https://pypi.org/project/coverage/6.2",
"comment": "Distribution file: coverage-6.2-cp38-cp38-musllinux_1_1_x86_64.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "63c424e6f5b4ab1cf1e23a43b12f542b0ec2e54f99ec9f11b75382152981df57"
}
]
},
{
"url": "https://pypi.org/project/coverage/6.2",
"comment": "Distribution file: coverage-6.2-cp38-cp38-win32.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "49dbff64961bc9bdd2289a2bda6a3a5a331964ba5497f694e2cbd540d656dc1c"
}
]
},
{
"url": "https://pypi.org/project/coverage/6.2",
"comment": "Distribution file: coverage-6.2-cp38-cp38-win_amd64.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "9a29311bd6429be317c1f3fe4bc06c4c5ee45e2fa61b2a19d4d1d6111cb94af2"
}
]
},
{
"url": "https://pypi.org/project/coverage/6.2",
"comment": "Distribution file: coverage-6.2-cp39-cp39-macosx_10_9_x86_64.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "03b20e52b7d31be571c9c06b74746746d4eb82fc260e594dc662ed48145e9efd"
}
]
},
{
"url": "https://pypi.org/project/coverage/6.2",
"comment": "Distribution file: coverage-6.2-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "215f8afcc02a24c2d9a10d3790b21054b58d71f4b3c6f055d4bb1b15cecce685"
}
]
},
{
"url": "https://pypi.org/project/coverage/6.2",
"comment": "Distribution file: coverage-6.2-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_12_i686.manylinux2010_i686.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "a4bdeb0a52d1d04123b41d90a4390b096f3ef38eee35e11f0b22c2d031222c6c"
}
]
},
{
"url": "https://pypi.org/project/coverage/6.2",
"comment": "Distribution file: coverage-6.2-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "c332d8f8d448ded473b97fefe4a0983265af21917d8b0cdcb8bb06b2afe632c3"
}
]
},
{
"url": "https://pypi.org/project/coverage/6.2",
"comment": "Distribution file: coverage-6.2-cp39-cp39-win32.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "6e1394d24d5938e561fbeaa0cd3d356207579c28bd1792f25a068743f2d5b282"
}
]
},
{
"url": "https://pypi.org/project/coverage/6.2",
"comment": "Distribution file: coverage-6.2-cp39-cp39-win_amd64.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "86f2e78b1eff847609b1ca8050c9e1fa3bd44ce755b2ec30e70f2d3ba3844644"
}
]
},
{
"url": "https://pypi.org/project/coverage/6.2",
"comment": "Distribution file: coverage-6.2-pp36.pp37.pp38-none-any.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "5829192582c0ec8ca4a2532407bc14c2f338d9878a10442f5d03804a95fac9de"
}
]
},
{
"url": "https://pypi.org/project/coverage/6.2",
"comment": "Distribution file: coverage-6.2.tar.gz",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "e2cad8093172b7d1595b4ad66f24270808658e11acf43a8f95b41276162eb5b8"
}
]
}
]
},
{
"type": "library",
"bom-ref": "71fd7a0e-4121-47d7-88f8-cb3b692167be",
"name": "cyclonedx-python-lib",
"version": "2.5.2",
"purl": "pkg:pypi/[email protected]",
"externalReferences": [
{
"url": "https://pypi.org/project/cyclonedx-python-lib/2.5.2",
"comment": "Distribution file: cyclonedx-python-lib-2.5.2.tar.gz",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "875c0dac4c8be1da58cef399eb09ceba8668a153d2bfed67b7af8bdbca5bad61"
}
]
},
{
"url": "https://pypi.org/project/cyclonedx-python-lib/2.5.2",
"comment": "Distribution file: cyclonedx_python_lib-2.5.2-py3-none-any.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "7a3aebcc1603e2cb0bc13ebf4274d2bd28ee46d199a7c2c05bd9d823ea7143e4"
}
]
}
]
},
{
"type": "library",
"bom-ref": "368e142c-aacc-411b-b2de-61611cc0c07c",
"name": "distlib",
"version": "0.3.4",
"purl": "pkg:pypi/[email protected]",
"externalReferences": [
{
"url": "https://pypi.org/project/distlib/0.3.4",
"comment": "Distribution file: distlib-0.3.4-py2.py3-none-any.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "6564fe0a8f51e734df6333d08b8b94d4ea8ee6b99b5ed50613f731fd4089f34b"
}
]
},
{
"url": "https://pypi.org/project/distlib/0.3.4",
"comment": "Distribution file: distlib-0.3.4.zip",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "e4b58818180336dc9c529bfb9a0b58728ffc09ad92027a3f30b7cd91e3458579"
}
]
}
]
},
{
"type": "library",
"bom-ref": "b7821c28-1a71-4acc-8723-fbc9884ca353",
"name": "filelock",
"version": "3.4.1",
"purl": "pkg:pypi/[email protected]",
"externalReferences": [
{
"url": "https://pypi.org/project/filelock/3.4.1",
"comment": "Distribution file: filelock-3.4.1-py3-none-any.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "a4bc51381e01502a30e9f06dd4fa19a1712eab852b6fb0f84fd7cce0793d8ca3"
}
]
},
{
"url": "https://pypi.org/project/filelock/3.4.1",
"comment": "Distribution file: filelock-3.4.1.tar.gz",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "0f12f552b42b5bf60dba233710bf71337d35494fc8bdd4fd6d9f6d082ad45e06"
}
]
}
]
},
{
"type": "library",
"bom-ref": "fa4bfc98-fd00-4cb7-a820-4b0d0e46eabf",
"name": "flake8",
"version": "4.0.1",
"purl": "pkg:pypi/[email protected]",
"externalReferences": [
{
"url": "https://pypi.org/project/flake8/4.0.1",
"comment": "Distribution file: flake8-4.0.1-py2.py3-none-any.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "479b1304f72536a55948cb40a32dce8bb0ffe3501e26eaf292c7e60eb5e0428d"
}
]
},
{
"url": "https://pypi.org/project/flake8/4.0.1",
"comment": "Distribution file: flake8-4.0.1.tar.gz",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "806e034dda44114815e23c16ef92f95c91e4c71100ff52813adf7132a6ad870d"
}
]
}
]
},
{
"type": "library",
"bom-ref": "82f5d4c0-0cd3-4e68-89af-1eb9f375918f",
"name": "flake8-annotations",
"version": "2.7.0",
"purl": "pkg:pypi/[email protected]",
"externalReferences": [
{
"url": "https://pypi.org/project/flake8-annotations/2.7.0",
"comment": "Distribution file: flake8-annotations-2.7.0.tar.gz",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "52e53c05b0c06cac1c2dec192ea2c36e85081238add3bd99421d56f574b9479b"
}
]
},
{
"url": "https://pypi.org/project/flake8-annotations/2.7.0",
"comment": "Distribution file: flake8_annotations-2.7.0-py3-none-any.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "3edfbbfb58e404868834fe6ec3eaf49c139f64f0701259f707d043185545151e"
}
]
}
]
},
{
"type": "library",
"bom-ref": "66e202c0-21cb-46e2-b3d8-06f57db16904",
"name": "flake8-bugbear",
"version": "22.7.1",
"purl": "pkg:pypi/[email protected]",
"externalReferences": [
{
"url": "https://pypi.org/project/flake8-bugbear/22.7.1",
"comment": "Distribution file: flake8-bugbear-22.7.1.tar.gz",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "e450976a07e4f9d6c043d4f72b17ec1baf717fe37f7997009c8ae58064f88305"
}
]
},
{
"url": "https://pypi.org/project/flake8-bugbear/22.7.1",
"comment": "Distribution file: flake8_bugbear-22.7.1-py3-none-any.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "db5d7a831ef4412a224b26c708967ff816818cabae415e76b8c58df156c4b8e5"
}
]
}
]
},
{
"type": "library",
"bom-ref": "64270487-d39e-497f-86ad-ec4ac6a7d3d3",
"name": "flake8-isort",
"version": "4.1.1",
"purl": "pkg:pypi/[email protected]",
"externalReferences": [
{
"url": "https://pypi.org/project/flake8-isort/4.1.1",
"comment": "Distribution file: flake8-isort-4.1.1.tar.gz",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "d814304ab70e6e58859bc5c3e221e2e6e71c958e7005239202fee19c24f82717"
}
]
},
{
"url": "https://pypi.org/project/flake8-isort/4.1.1",
"comment": "Distribution file: flake8_isort-4.1.1-py3-none-any.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "c4e8b6dcb7be9b71a02e6e5d4196cefcef0f3447be51e82730fb336fff164949"
}
]
}
]
},
{
"type": "library",
"bom-ref": "5a15e858-a9a7-449b-a8e7-b028501983a6",
"name": "importlib-metadata",
"version": "4.2.0",
"purl": "pkg:pypi/[email protected]",
"externalReferences": [
{
"url": "https://pypi.org/project/importlib-metadata/4.2.0",
"comment": "Distribution file: importlib_metadata-4.2.0-py3-none-any.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "057e92c15bc8d9e8109738a48db0ccb31b4d9d5cfbee5a8670879a30be66304b"
}
]
},
{
"url": "https://pypi.org/project/importlib-metadata/4.2.0",
"comment": "Distribution file: importlib_metadata-4.2.0.tar.gz",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "b7e52a1f8dec14a75ea73e0891f3060099ca1d8e6a462a4dff11c3e119ea1b31"
}
]
}
]
},
{
"type": "library",
"bom-ref": "a2f9b409-1157-439a-b80a-c774e832dc77",
"name": "importlib-resources",
"version": "5.4.0",
"purl": "pkg:pypi/[email protected]",
"externalReferences": [
{
"url": "https://pypi.org/project/importlib-resources/5.4.0",
"comment": "Distribution file: importlib_resources-5.4.0-py3-none-any.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "33a95faed5fc19b4bc16b29a6eeae248a3fe69dd55d4d229d2b480e23eeaad45"
}
]
},
{
"url": "https://pypi.org/project/importlib-resources/5.4.0",
"comment": "Distribution file: importlib_resources-5.4.0.tar.gz",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "d756e2f85dd4de2ba89be0b21dba2a3bbec2e871a42a3a16719258a11f87506b"
}
]
}
]
},
{
"type": "library",
"bom-ref": "c42b266b-6645-4fbb-bc22-30658d1094b6",
"name": "isort",
"version": "5.10.1",
"purl": "pkg:pypi/[email protected]",
"externalReferences": [
{
"url": "https://pypi.org/project/isort/5.10.1",
"comment": "Distribution file: isort-5.10.1-py3-none-any.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "6f62d78e2f89b4500b080fe3a81690850cd254227f27f75c3a0c491a1f351ba7"
}
]
},
{
"url": "https://pypi.org/project/isort/5.10.1",
"comment": "Distribution file: isort-5.10.1.tar.gz",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "e8443a5e7a020e9d7f97f1d7d9cd17c88bcb3bc7e218bf9cf5095fe550be2951"
}
]
}
]
},
{
"type": "library",
"bom-ref": "35afcc71-b81a-42a5-811d-54945937c882",
"name": "mccabe",
"version": "0.6.1",
"purl": "pkg:pypi/[email protected]",
"externalReferences": [
{
"url": "https://pypi.org/project/mccabe/0.6.1",
"comment": "Distribution file: mccabe-0.6.1-py2.py3-none-any.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "ab8a6258860da4b6677da4bd2fe5dc2c659cff31b3ee4f7f5d64e79735b80d42"
}
]
},
{
"url": "https://pypi.org/project/mccabe/0.6.1",
"comment": "Distribution file: mccabe-0.6.1.tar.gz",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "dd8d182285a0fe56bace7f45b5e7d1a6ebcbf524e8f3bd87eb0f125271b8831f"
}
]
}
]
},
{
"type": "library",
"bom-ref": "e951705e-30c4-497a-98ef-f9d141136a46",
"name": "mypy",
"version": "0.971",
"purl": "pkg:pypi/[email protected]",
"externalReferences": [
{
"url": "https://pypi.org/project/mypy/0.971",
"comment": "Distribution file: mypy-0.971-cp310-cp310-macosx_10_9_universal2.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "f2899a3cbd394da157194f913a931edfd4be5f274a88041c9dc2d9cdcb1c315c"
}
]
},
{
"url": "https://pypi.org/project/mypy/0.971",
"comment": "Distribution file: mypy-0.971-cp310-cp310-macosx_10_9_x86_64.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "98e02d56ebe93981c41211c05adb630d1d26c14195d04d95e49cd97dbc046dc5"
}
]
},
{
"url": "https://pypi.org/project/mypy/0.971",
"comment": "Distribution file: mypy-0.971-cp310-cp310-macosx_11_0_arm64.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "19830b7dba7d5356d3e26e2427a2ec91c994cd92d983142cbd025ebe81d69cf3"
}
]
},
{
"url": "https://pypi.org/project/mypy/0.971",
"comment": "Distribution file: mypy-0.971-cp310-cp310-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "02ef476f6dcb86e6f502ae39a16b93285fef97e7f1ff22932b657d1ef1f28655"
}
]
},
{
"url": "https://pypi.org/project/mypy/0.971",
"comment": "Distribution file: mypy-0.971-cp310-cp310-win_amd64.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "25c5750ba5609a0c7550b73a33deb314ecfb559c350bb050b655505e8aed4103"
}
]
},
{
"url": "https://pypi.org/project/mypy/0.971",
"comment": "Distribution file: mypy-0.971-cp36-cp36m-macosx_10_9_x86_64.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "d3348e7eb2eea2472db611486846742d5d52d1290576de99d59edeb7cd4a42ca"
}
]
},
{
"url": "https://pypi.org/project/mypy/0.971",
"comment": "Distribution file: mypy-0.971-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "3fa7a477b9900be9b7dd4bab30a12759e5abe9586574ceb944bc29cddf8f0417"
}
]
},
{
"url": "https://pypi.org/project/mypy/0.971",
"comment": "Distribution file: mypy-0.971-cp36-cp36m-win_amd64.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "2ad53cf9c3adc43cf3bea0a7d01a2f2e86db9fe7596dfecb4496a5dda63cbb09"
}
]
},
{
"url": "https://pypi.org/project/mypy/0.971",
"comment": "Distribution file: mypy-0.971-cp37-cp37m-macosx_10_9_x86_64.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "855048b6feb6dfe09d3353466004490b1872887150c5bb5caad7838b57328cc8"
}
]
},
{
"url": "https://pypi.org/project/mypy/0.971",
"comment": "Distribution file: mypy-0.971-cp37-cp37m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "23488a14a83bca6e54402c2e6435467a4138785df93ec85aeff64c6170077fb0"
}
]
},
{
"url": "https://pypi.org/project/mypy/0.971",
"comment": "Distribution file: mypy-0.971-cp37-cp37m-win_amd64.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "4b21e5b1a70dfb972490035128f305c39bc4bc253f34e96a4adf9127cf943eb2"
}
]
},
{
"url": "https://pypi.org/project/mypy/0.971",
"comment": "Distribution file: mypy-0.971-cp38-cp38-macosx_10_9_universal2.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "9796a2ba7b4b538649caa5cecd398d873f4022ed2333ffde58eaf604c4d2cb27"
}
]
},
{
"url": "https://pypi.org/project/mypy/0.971",
"comment": "Distribution file: mypy-0.971-cp38-cp38-macosx_10_9_x86_64.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "5a361d92635ad4ada1b1b2d3630fc2f53f2127d51cf2def9db83cba32e47c856"
}
]
},
{
"url": "https://pypi.org/project/mypy/0.971",
"comment": "Distribution file: mypy-0.971-cp38-cp38-macosx_11_0_arm64.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "b793b899f7cf563b1e7044a5c97361196b938e92f0a4343a5d27966a53d2ec71"
}
]
},
{
"url": "https://pypi.org/project/mypy/0.971",
"comment": "Distribution file: mypy-0.971-cp38-cp38-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "d1ea5d12c8e2d266b5fb8c7a5d2e9c0219fedfeb493b7ed60cd350322384ac27"
}
]
},
{
"url": "https://pypi.org/project/mypy/0.971",
"comment": "Distribution file: mypy-0.971-cp38-cp38-win_amd64.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "23c7ff43fff4b0df93a186581885c8512bc50fc4d4910e0f838e35d6bb6b5e58"
}
]
},
{
"url": "https://pypi.org/project/mypy/0.971",
"comment": "Distribution file: mypy-0.971-cp39-cp39-macosx_10_9_universal2.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "1f7656b69974a6933e987ee8ffb951d836272d6c0f81d727f1d0e2696074d9e6"
}
]
},
{
"url": "https://pypi.org/project/mypy/0.971",
"comment": "Distribution file: mypy-0.971-cp39-cp39-macosx_10_9_x86_64.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "d2022bfadb7a5c2ef410d6a7c9763188afdb7f3533f22a0a32be10d571ee4bbe"
}
]
},
{
"url": "https://pypi.org/project/mypy/0.971",
"comment": "Distribution file: mypy-0.971-cp39-cp39-macosx_11_0_arm64.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "ef943c72a786b0f8d90fd76e9b39ce81fb7171172daf84bf43eaf937e9f220a9"
}
]
},
{
"url": "https://pypi.org/project/mypy/0.971",
"comment": "Distribution file: mypy-0.971-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "d744f72eb39f69312bc6c2abf8ff6656973120e2eb3f3ec4f758ed47e414a4bf"
}
]
},
{
"url": "https://pypi.org/project/mypy/0.971",
"comment": "Distribution file: mypy-0.971-cp39-cp39-win_amd64.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "77a514ea15d3007d33a9e2157b0ba9c267496acf12a7f2b9b9f8446337aac5b0"
}
]
},
{
"url": "https://pypi.org/project/mypy/0.971",
"comment": "Distribution file: mypy-0.971-py3-none-any.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "0d054ef16b071149917085f51f89555a576e2618d5d9dd70bd6eea6410af3ac9"
}
]
},
{
"url": "https://pypi.org/project/mypy/0.971",
"comment": "Distribution file: mypy-0.971.tar.gz",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "40b0f21484238269ae6a57200c807d80debc6459d444c0489a102d7c6a75fa56"
}
]
}
]
},
{
"type": "library",
"bom-ref": "d108a2c9-619a-46f1-ba45-bebd6472f7a6",
"name": "mypy-extensions",
"version": "0.4.3",
"purl": "pkg:pypi/[email protected]",
"externalReferences": [
{
"url": "https://pypi.org/project/mypy-extensions/0.4.3",
"comment": "Distribution file: mypy_extensions-0.4.3-py2.py3-none-any.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "090fedd75945a69ae91ce1303b5824f428daf5a028d2f6ab8a299250a846f15d"
}
]
},
{
"url": "https://pypi.org/project/mypy-extensions/0.4.3",
"comment": "Distribution file: mypy_extensions-0.4.3.tar.gz",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "2d82818f5bb3e369420cb3c4060a7970edba416647068eb4c5343488a6c604a8"
}
]
}
]
},
{
"type": "library",
"bom-ref": "bb447ba4-a9ae-4199-b6c9-e9ebb312eb5e",
"name": "packageurl-python",
"version": "0.9.9",
"purl": "pkg:pypi/[email protected]",
"externalReferences": [
{
"url": "https://pypi.org/project/packageurl-python/0.9.9",
"comment": "Distribution file: packageurl-python-0.9.9.tar.gz",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "872a0434b9a448b3fa97571711f69dd2a3fb72345ad66c90b17d827afea82f09"
}
]
},
{
"url": "https://pypi.org/project/packageurl-python/0.9.9",
"comment": "Distribution file: packageurl_python-0.9.9-py3-none-any.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "07aa852d1c48b0e86e625f6a32d83f96427739806b269d0f8142788ee807114b"
}
]
}
]
},
{
"type": "library",
"bom-ref": "2b429360-f6e9-4455-82aa-ed8ee6a04098",
"name": "packaging",
"version": "21.3",
"purl": "pkg:pypi/[email protected]",
"externalReferences": [
{
"url": "https://pypi.org/project/packaging/21.3",
"comment": "Distribution file: packaging-21.3-py3-none-any.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "ef103e05f519cdc783ae24ea4e2e0f508a9c99b2d4969652eed6a2e1ea5bd522"
}
]
},
{
"url": "https://pypi.org/project/packaging/21.3",
"comment": "Distribution file: packaging-21.3.tar.gz",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "dd47c42927d89ab911e606518907cc2d3a1f38bbd026385970643f9c5b8ecfeb"
}
]
}
]
},
{
"type": "library",
"bom-ref": "fda0e8b4-7b83-427a-92a8-023f65e7e2e4",
"name": "pip-requirements-parser",
"version": "31.2.0",
"purl": "pkg:pypi/[email protected]",
"externalReferences": [
{
"url": "https://pypi.org/project/pip-requirements-parser/31.2.0",
"comment": "Distribution file: pip-requirements-parser-31.2.0.tar.gz",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "8c2a6f8e091ac2693824a5ef4e3b250226e34f74a20a91a87b9ab0714b47788f"
}
]
},
{
"url": "https://pypi.org/project/pip-requirements-parser/31.2.0",
"comment": "Distribution file: pip_requirements_parser-31.2.0-py3-none-any.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "22fa213a987913385b2484d5698ecfa1d9cf4154978cdf929085548af55355b0"
}
]
}
]
},
{
"type": "library",
"bom-ref": "38c1a869-5c65-4990-9a86-8c8e69cdbd62",
"name": "platformdirs",
"version": "2.4.0",
"purl": "pkg:pypi/[email protected]",
"externalReferences": [
{
"url": "https://pypi.org/project/platformdirs/2.4.0",
"comment": "Distribution file: platformdirs-2.4.0-py3-none-any.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "8868bbe3c3c80d42f20156f22e7131d2fb321f5bc86a2a345375c6481a67021d"
}
]
},
{
"url": "https://pypi.org/project/platformdirs/2.4.0",
"comment": "Distribution file: platformdirs-2.4.0.tar.gz",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "367a5e80b3d04d2428ffa76d33f124cf11e8fff2acdaa9b43d545f5c7d661ef2"
}
]
}
]
},
{
"type": "library",
"bom-ref": "60bb7c13-b0b5-4056-bc66-7f6edd7f37bc",
"name": "pluggy",
"version": "1.0.0",
"purl": "pkg:pypi/[email protected]",
"externalReferences": [
{
"url": "https://pypi.org/project/pluggy/1.0.0",
"comment": "Distribution file: pluggy-1.0.0-py2.py3-none-any.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "74134bbf457f031a36d68416e1509f34bd5ccc019f0bcc952c7b909d06b37bd3"
}
]
},
{
"url": "https://pypi.org/project/pluggy/1.0.0",
"comment": "Distribution file: pluggy-1.0.0.tar.gz",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "4224373bacce55f955a878bf9cfa763c1e360858e330072059e10bad68531159"
}
]
}
]
},
{
"type": "library",
"bom-ref": "ab557d79-4499-4a92-843d-8363433a5401",
"name": "py",
"version": "1.11.0",
"purl": "pkg:pypi/[email protected]",
"externalReferences": [
{
"url": "https://pypi.org/project/py/1.11.0",
"comment": "Distribution file: py-1.11.0-py2.py3-none-any.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "607c53218732647dff4acdfcd50cb62615cedf612e72d1724fb1a0cc6405b378"
}
]
},
{
"url": "https://pypi.org/project/py/1.11.0",
"comment": "Distribution file: py-1.11.0.tar.gz",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "51c75c4126074b472f746a24399ad32f6053d1b34b68d2fa41e558e6f4a98719"
}
]
}
]
},
{
"type": "library",
"bom-ref": "673a9d4c-524d-421b-98e9-d854a0f0dc2f",
"name": "pycodestyle",
"version": "2.8.0",
"purl": "pkg:pypi/[email protected]",
"externalReferences": [
{
"url": "https://pypi.org/project/pycodestyle/2.8.0",
"comment": "Distribution file: pycodestyle-2.8.0-py2.py3-none-any.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "720f8b39dde8b293825e7ff02c475f3077124006db4f440dcbc9a20b76548a20"
}
]
},
{
"url": "https://pypi.org/project/pycodestyle/2.8.0",
"comment": "Distribution file: pycodestyle-2.8.0.tar.gz",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "eddd5847ef438ea1c7870ca7eb78a9d47ce0cdb4851a5523949f2601d0cbbe7f"
}
]
}
]
},
{
"type": "library",
"bom-ref": "df4d3aab-bee3-40a0-86d5-31db7b16d9d7",
"name": "pyflakes",
"version": "2.4.0",
"purl": "pkg:pypi/[email protected]",
"externalReferences": [
{
"url": "https://pypi.org/project/pyflakes/2.4.0",
"comment": "Distribution file: pyflakes-2.4.0-py2.py3-none-any.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "3bb3a3f256f4b7968c9c788781e4ff07dce46bdf12339dcda61053375426ee2e"
}
]
},
{
"url": "https://pypi.org/project/pyflakes/2.4.0",
"comment": "Distribution file: pyflakes-2.4.0.tar.gz",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "05a85c2872edf37a4ed30b0cce2f6093e1d0581f8c19d7393122da7e25b2b24c"
}
]
}
]
},
{
"type": "library",
"bom-ref": "d877b06b-0bcd-4eb2-9f4a-8b0877fac6bd",
"name": "pyparsing",
"version": "3.0.7",
"purl": "pkg:pypi/[email protected]",
"externalReferences": [
{
"url": "https://pypi.org/project/pyparsing/3.0.7",
"comment": "Distribution file: pyparsing-3.0.7-py3-none-any.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "a6c06a88f252e6c322f65faf8f418b16213b51bdfaece0524c1c1bc30c63c484"
}
]
},
{
"url": "https://pypi.org/project/pyparsing/3.0.7",
"comment": "Distribution file: pyparsing-3.0.7.tar.gz",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "18ee9022775d270c55187733956460083db60b37d0d0fb357445f3094eed3eea"
}
]
}
]
},
{
"type": "library",
"bom-ref": "9d435103-af5b-4877-a66d-ebcc5e57b092",
"name": "six",
"version": "1.16.0",
"purl": "pkg:pypi/[email protected]",
"externalReferences": [
{
"url": "https://pypi.org/project/six/1.16.0",
"comment": "Distribution file: six-1.16.0-py2.py3-none-any.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "8abb2f1d86890a2dfb989f9a77cfcfd3e47c2a354b01111771326f8aa26e0254"
}
]
},
{
"url": "https://pypi.org/project/six/1.16.0",
"comment": "Distribution file: six-1.16.0.tar.gz",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "1e61c37477a1626458e36f7b1d82aa5c9b094fa4802892072e49de9c60c4c926"
}
]
}
]
},
{
"type": "library",
"bom-ref": "7db59f1b-697f-4f80-bb60-1f9d112e6949",
"name": "sortedcontainers",
"version": "2.4.0",
"purl": "pkg:pypi/[email protected]",
"externalReferences": [
{
"url": "https://pypi.org/project/sortedcontainers/2.4.0",
"comment": "Distribution file: sortedcontainers-2.4.0-py2.py3-none-any.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "a163dcaede0f1c021485e957a39245190e74249897e2ae4b2aa38595db237ee0"
}
]
},
{
"url": "https://pypi.org/project/sortedcontainers/2.4.0",
"comment": "Distribution file: sortedcontainers-2.4.0.tar.gz",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "25caa5a06cc30b6b83d11423433f65d1f9d76c4c6a0c90e3379eaa43b9bfdb88"
}
]
}
]
},
{
"type": "library",
"bom-ref": "f0380402-642a-4b0b-9b05-3a5585919a7d",
"name": "testfixtures",
"version": "6.18.5",
"purl": "pkg:pypi/[email protected]",
"externalReferences": [
{
"url": "https://pypi.org/project/testfixtures/6.18.5",
"comment": "Distribution file: testfixtures-6.18.5-py2.py3-none-any.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "7de200e24f50a4a5d6da7019fb1197aaf5abd475efb2ec2422fdcf2f2eb98c1d"
}
]
},
{
"url": "https://pypi.org/project/testfixtures/6.18.5",
"comment": "Distribution file: testfixtures-6.18.5.tar.gz",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "02dae883f567f5b70fd3ad3c9eefb95912e78ac90be6c7444b5e2f46bf572c84"
}
]
}
]
},
{
"type": "library",
"bom-ref": "4253c94a-ce2a-48e7-b25a-604c8b02bedf",
"name": "toml",
"version": "0.10.2",
"purl": "pkg:pypi/[email protected]",
"externalReferences": [
{
"url": "https://pypi.org/project/toml/0.10.2",
"comment": "Distribution file: toml-0.10.2-py2.py3-none-any.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "806143ae5bfb6a3c6e736a764057db0e6a0e05e338b5630894a5f779cabb4f9b"
}
]
},
{
"url": "https://pypi.org/project/toml/0.10.2",
"comment": "Distribution file: toml-0.10.2.tar.gz",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "b3bda1d108d5dd99f4a20d24d9c348e91c4db7ab1b749200bded2f839ccbe68f"
}
]
}
]
},
{
"type": "library",
"bom-ref": "c0876443-31cb-44dc-b8fe-5e26f777b750",
"name": "tomli",
"version": "1.2.3",
"purl": "pkg:pypi/[email protected]",
"externalReferences": [
{
"url": "https://pypi.org/project/tomli/1.2.3",
"comment": "Distribution file: tomli-1.2.3-py3-none-any.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "e3069e4be3ead9668e21cb9b074cd948f7b3113fd9c8bba083f48247aab8b11c"
}
]
},
{
"url": "https://pypi.org/project/tomli/1.2.3",
"comment": "Distribution file: tomli-1.2.3.tar.gz",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "05b6166bff487dc068d322585c7ea4ef78deed501cc124060e0f238e89a9231f"
}
]
}
]
},
{
"type": "library",
"bom-ref": "d6eafd24-e736-4241-891d-7645e7fe64c8",
"name": "tox",
"version": "3.25.1",
"purl": "pkg:pypi/[email protected]",
"externalReferences": [
{
"url": "https://pypi.org/project/tox/3.25.1",
"comment": "Distribution file: tox-3.25.1-py2.py3-none-any.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "c38e15f4733683a9cc0129fba078633e07eb0961f550a010ada879e95fb32632"
}
]
},
{
"url": "https://pypi.org/project/tox/3.25.1",
"comment": "Distribution file: tox-3.25.1.tar.gz",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "c138327815f53bc6da4fe56baec5f25f00622ae69ef3fe4e1e385720e22486f9"
}
]
}
]
},
{
"type": "library",
"bom-ref": "6e6a75ee-367c-4d00-8a0a-484baac296a1",
"name": "typed-ast",
"version": "1.5.4",
"purl": "pkg:pypi/[email protected]",
"externalReferences": [
{
"url": "https://pypi.org/project/typed-ast/1.5.4",
"comment": "Distribution file: typed_ast-1.5.4-cp310-cp310-macosx_10_9_x86_64.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "669dd0c4167f6f2cd9f57041e03c3c2ebf9063d0757dc89f79ba1daa2bfca9d4"
}
]
},
{
"url": "https://pypi.org/project/typed-ast/1.5.4",
"comment": "Distribution file: typed_ast-1.5.4-cp310-cp310-macosx_11_0_arm64.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "211260621ab1cd7324e0798d6be953d00b74e0428382991adfddb352252f1d62"
}
]
},
{
"url": "https://pypi.org/project/typed-ast/1.5.4",
"comment": "Distribution file: typed_ast-1.5.4-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "267e3f78697a6c00c689c03db4876dd1efdfea2f251a5ad6555e82a26847b4ac"
}
]
},
{
"url": "https://pypi.org/project/typed-ast/1.5.4",
"comment": "Distribution file: typed_ast-1.5.4-cp310-cp310-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "c542eeda69212fa10a7ada75e668876fdec5f856cd3d06829e6aa64ad17c8dfe"
}
]
},
{
"url": "https://pypi.org/project/typed-ast/1.5.4",
"comment": "Distribution file: typed_ast-1.5.4-cp310-cp310-win_amd64.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "a9916d2bb8865f973824fb47436fa45e1ebf2efd920f2b9f99342cb7fab93f72"
}
]
},
{
"url": "https://pypi.org/project/typed-ast/1.5.4",
"comment": "Distribution file: typed_ast-1.5.4-cp36-cp36m-macosx_10_9_x86_64.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "79b1e0869db7c830ba6a981d58711c88b6677506e648496b1f64ac7d15633aec"
}
]
},
{
"url": "https://pypi.org/project/typed-ast/1.5.4",
"comment": "Distribution file: typed_ast-1.5.4-cp36-cp36m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "a94d55d142c9265f4ea46fab70977a1944ecae359ae867397757d836ea5a3f47"
}
]
},
{
"url": "https://pypi.org/project/typed-ast/1.5.4",
"comment": "Distribution file: typed_ast-1.5.4-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "183afdf0ec5b1b211724dfef3d2cad2d767cbefac291f24d69b00546c1837fb6"
}
]
},
{
"url": "https://pypi.org/project/typed-ast/1.5.4",
"comment": "Distribution file: typed_ast-1.5.4-cp36-cp36m-win_amd64.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "639c5f0b21776605dd6c9dbe592d5228f021404dafd377e2b7ac046b0349b1a1"
}
]
},
{
"url": "https://pypi.org/project/typed-ast/1.5.4",
"comment": "Distribution file: typed_ast-1.5.4-cp37-cp37m-macosx_10_9_x86_64.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "cf4afcfac006ece570e32d6fa90ab74a17245b83dfd6655a6f68568098345ff6"
}
]
},
{
"url": "https://pypi.org/project/typed-ast/1.5.4",
"comment": "Distribution file: typed_ast-1.5.4-cp37-cp37m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "ed855bbe3eb3715fca349c80174cfcfd699c2f9de574d40527b8429acae23a66"
}
]
},
{
"url": "https://pypi.org/project/typed-ast/1.5.4",
"comment": "Distribution file: typed_ast-1.5.4-cp37-cp37m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "6778e1b2f81dfc7bc58e4b259363b83d2e509a65198e85d5700dfae4c6c8ff1c"
}
]
},
{
"url": "https://pypi.org/project/typed-ast/1.5.4",
"comment": "Distribution file: typed_ast-1.5.4-cp37-cp37m-win_amd64.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "0261195c2062caf107831e92a76764c81227dae162c4f75192c0d489faf751a2"
}
]
},
{
"url": "https://pypi.org/project/typed-ast/1.5.4",
"comment": "Distribution file: typed_ast-1.5.4-cp38-cp38-macosx_10_9_x86_64.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "2efae9db7a8c05ad5547d522e7dbe62c83d838d3906a3716d1478b6c1d61388d"
}
]
},
{
"url": "https://pypi.org/project/typed-ast/1.5.4",
"comment": "Distribution file: typed_ast-1.5.4-cp38-cp38-macosx_11_0_arm64.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "7d5d014b7daa8b0bf2eaef684295acae12b036d79f54178b92a2b6a56f92278f"
}
]
},
{
"url": "https://pypi.org/project/typed-ast/1.5.4",
"comment": "Distribution file: typed_ast-1.5.4-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "370788a63915e82fd6f212865a596a0fefcbb7d408bbbb13dea723d971ed8bdc"
}
]
},
{
"url": "https://pypi.org/project/typed-ast/1.5.4",
"comment": "Distribution file: typed_ast-1.5.4-cp38-cp38-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "4e964b4ff86550a7a7d56345c7864b18f403f5bd7380edf44a3c1fb4ee7ac6c6"
}
]
},
{
"url": "https://pypi.org/project/typed-ast/1.5.4",
"comment": "Distribution file: typed_ast-1.5.4-cp38-cp38-win_amd64.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "683407d92dc953c8a7347119596f0b0e6c55eb98ebebd9b23437501b28dcbb8e"
}
]
},
{
"url": "https://pypi.org/project/typed-ast/1.5.4",
"comment": "Distribution file: typed_ast-1.5.4-cp39-cp39-macosx_10_9_x86_64.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "4879da6c9b73443f97e731b617184a596ac1235fe91f98d279a7af36c796da35"
}
]
},
{
"url": "https://pypi.org/project/typed-ast/1.5.4",
"comment": "Distribution file: typed_ast-1.5.4-cp39-cp39-macosx_11_0_arm64.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "3e123d878ba170397916557d31c8f589951e353cc95fb7f24f6bb69adc1a8a97"
}
]
},
{
"url": "https://pypi.org/project/typed-ast/1.5.4",
"comment": "Distribution file: typed_ast-1.5.4-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "ebd9d7f80ccf7a82ac5f88c521115cc55d84e35bf8b446fcd7836eb6b98929a3"
}
]
},
{
"url": "https://pypi.org/project/typed-ast/1.5.4",
"comment": "Distribution file: typed_ast-1.5.4-cp39-cp39-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_12_x86_64.manylinux2010_x86_64.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "98f80dee3c03455e92796b58b98ff6ca0b2a6f652120c263efdba4d6c5e58f72"
}
]
},
{
"url": "https://pypi.org/project/typed-ast/1.5.4",
"comment": "Distribution file: typed_ast-1.5.4-cp39-cp39-win_amd64.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "0fdbcf2fef0ca421a3f5912555804296f0b0960f0418c440f5d6d3abb549f3e1"
}
]
},
{
"url": "https://pypi.org/project/typed-ast/1.5.4",
"comment": "Distribution file: typed_ast-1.5.4.tar.gz",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "39e21ceb7388e4bb37f4c679d72707ed46c2fbf2a5609b8b8ebc4b067d977df2"
}
]
}
]
},
{
"type": "library",
"bom-ref": "88aadb10-ffa3-4c50-9440-f98ad9c2ab26",
"name": "types-setuptools",
"version": "57.4.17",
"purl": "pkg:pypi/[email protected]",
"externalReferences": [
{
"url": "https://pypi.org/project/types-setuptools/57.4.17",
"comment": "Distribution file: types-setuptools-57.4.17.tar.gz",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "9d556fcaf6808a1cead4aaa41e5c07a61f0152a875811e1239738eba4e0b7b16"
}
]
},
{
"url": "https://pypi.org/project/types-setuptools/57.4.17",
"comment": "Distribution file: types_setuptools-57.4.17-py3-none-any.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "9c7cdaf0d55113e24ac17103bde2d434472abf1dbf444238e989fe4e798ffa26"
}
]
}
]
},
{
"type": "library",
"bom-ref": "aaab3317-0523-4f0e-b1b2-444f19f7c483",
"name": "types-toml",
"version": "0.10.8",
"purl": "pkg:pypi/[email protected]",
"externalReferences": [
{
"url": "https://pypi.org/project/types-toml/0.10.8",
"comment": "Distribution file: types-toml-0.10.8.tar.gz",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "b7e7ea572308b1030dc86c3ba825c5210814c2825612ec679eb7814f8dd9295a"
}
]
},
{
"url": "https://pypi.org/project/types-toml/0.10.8",
"comment": "Distribution file: types_toml-0.10.8-py3-none-any.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "8300fd093e5829eb9c1fba69cee38130347d4b74ddf32d0a7df650ae55c2b599"
}
]
}
]
},
{
"type": "library",
"bom-ref": "5dd42711-1a84-4dfd-b70e-09f21cc887af",
"name": "typing-extensions",
"version": "4.1.1",
"purl": "pkg:pypi/[email protected]",
"externalReferences": [
{
"url": "https://pypi.org/project/typing-extensions/4.1.1",
"comment": "Distribution file: typing_extensions-4.1.1-py3-none-any.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "21c85e0fe4b9a155d0799430b0ad741cdce7e359660ccbd8b530613e8df88ce2"
}
]
},
{
"url": "https://pypi.org/project/typing-extensions/4.1.1",
"comment": "Distribution file: typing_extensions-4.1.1.tar.gz",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "1a9462dcc3347a79b1f1c0271fbe79e844580bb598bafa1ed208b94da3cdcd42"
}
]
}
]
},
{
"type": "library",
"bom-ref": "4607d050-b6b4-4b01-b8b7-ed0167f71683",
"name": "virtualenv",
"version": "20.14.1",
"purl": "pkg:pypi/[email protected]",
"externalReferences": [
{
"url": "https://pypi.org/project/virtualenv/20.14.1",
"comment": "Distribution file: virtualenv-20.14.1-py2.py3-none-any.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "e617f16e25b42eb4f6e74096b9c9e37713cf10bf30168fb4a739f3fa8f898a3a"
}
]
},
{
"url": "https://pypi.org/project/virtualenv/20.14.1",
"comment": "Distribution file: virtualenv-20.14.1.tar.gz",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "ef589a79795589aada0c1c5b319486797c03b67ac3984c48c669c0e4f50df3a5"
}
]
}
]
},
{
"type": "library",
"bom-ref": "da8e5a6f-d5a9-47c0-bc3c-c1059d18e6a4",
"name": "zipp",
"version": "3.6.0",
"purl": "pkg:pypi/[email protected]",
"externalReferences": [
{
"url": "https://pypi.org/project/zipp/3.6.0",
"comment": "Distribution file: zipp-3.6.0-py3-none-any.whl",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "9fe5ea21568a0a70e50f273397638d39b03353731e6cbbb3fd8502a33fec40bc"
}
]
},
{
"url": "https://pypi.org/project/zipp/3.6.0",
"comment": "Distribution file: zipp-3.6.0.tar.gz",
"type": "distribution",
"hashes": [
{
"alg": "SHA-256",
"content": "71c644c5369f4a6e07636f0aa966270449561fcea2e3d6747b8d23efaa9d7832"
}
]
}
]
}
],
"dependencies": [
{
"ref": "221e9ebf-637f-42ea-92f9-4d377b718b04",
"dependsOn": []
},
{
"ref": "9355a3bb-2789-4b11-95f2-e60d3756062d",
"dependsOn": []
},
{
"ref": "1d127a2c-e89d-4d9a-b2fc-0eff17325f4f",
"dependsOn": []
},
{
"ref": "85b55ad5-5988-4cbd-af48-9b5dff125742",
"dependsOn": []
},
{
"ref": "71fd7a0e-4121-47d7-88f8-cb3b692167be",
"dependsOn": []
},
{
"ref": "368e142c-aacc-411b-b2de-61611cc0c07c",
"dependsOn": []
},
{
"ref": "b7821c28-1a71-4acc-8723-fbc9884ca353",
"dependsOn": []
},
{
"ref": "fa4bfc98-fd00-4cb7-a820-4b0d0e46eabf",
"dependsOn": []
},
{
"ref": "82f5d4c0-0cd3-4e68-89af-1eb9f375918f",
"dependsOn": []
},
{
"ref": "66e202c0-21cb-46e2-b3d8-06f57db16904",
"dependsOn": []
},
{
"ref": "64270487-d39e-497f-86ad-ec4ac6a7d3d3",
"dependsOn": []
},
{
"ref": "5a15e858-a9a7-449b-a8e7-b028501983a6",
"dependsOn": []
},
{
"ref": "a2f9b409-1157-439a-b80a-c774e832dc77",
"dependsOn": []
},
{
"ref": "c42b266b-6645-4fbb-bc22-30658d1094b6",
"dependsOn": []
},
{
"ref": "35afcc71-b81a-42a5-811d-54945937c882",
"dependsOn": []
},
{
"ref": "e951705e-30c4-497a-98ef-f9d141136a46",
"dependsOn": []
},
{
"ref": "d108a2c9-619a-46f1-ba45-bebd6472f7a6",
"dependsOn": []
},
{
"ref": "bb447ba4-a9ae-4199-b6c9-e9ebb312eb5e",
"dependsOn": []
},
{
"ref": "2b429360-f6e9-4455-82aa-ed8ee6a04098",
"dependsOn": []
},
{
"ref": "fda0e8b4-7b83-427a-92a8-023f65e7e2e4",
"dependsOn": []
},
{
"ref": "38c1a869-5c65-4990-9a86-8c8e69cdbd62",
"dependsOn": []
},
{
"ref": "60bb7c13-b0b5-4056-bc66-7f6edd7f37bc",
"dependsOn": []
},
{
"ref": "ab557d79-4499-4a92-843d-8363433a5401",
"dependsOn": []
},
{
"ref": "673a9d4c-524d-421b-98e9-d854a0f0dc2f",
"dependsOn": []
},
{
"ref": "df4d3aab-bee3-40a0-86d5-31db7b16d9d7",
"dependsOn": []
},
{
"ref": "d877b06b-0bcd-4eb2-9f4a-8b0877fac6bd",
"dependsOn": []
},
{
"ref": "9d435103-af5b-4877-a66d-ebcc5e57b092",
"dependsOn": []
},
{
"ref": "7db59f1b-697f-4f80-bb60-1f9d112e6949",
"dependsOn": []
},
{
"ref": "f0380402-642a-4b0b-9b05-3a5585919a7d",
"dependsOn": []
},
{
"ref": "4253c94a-ce2a-48e7-b25a-604c8b02bedf",
"dependsOn": []
},
{
"ref": "c0876443-31cb-44dc-b8fe-5e26f777b750",
"dependsOn": []
},
{
"ref": "d6eafd24-e736-4241-891d-7645e7fe64c8",
"dependsOn": []
},
{
"ref": "6e6a75ee-367c-4d00-8a0a-484baac296a1",
"dependsOn": []
},
{
"ref": "88aadb10-ffa3-4c50-9440-f98ad9c2ab26",
"dependsOn": []
},
{
"ref": "aaab3317-0523-4f0e-b1b2-444f19f7c483",
"dependsOn": []
},
{
"ref": "5dd42711-1a84-4dfd-b70e-09f21cc887af",
"dependsOn": []
},
{
"ref": "4607d050-b6b4-4b01-b8b7-ed0167f71683",
"dependsOn": []
},
{
"ref": "da8e5a6f-d5a9-47c0-bc3c-c1059d18e6a4",
"dependsOn": []
}
]
}
Thanks for the (confirmed) report, @SaberStrat .
Do you want to give it a try and provide a fix/feature/PR?
could try to evaluate the following files, to gather the requested information:
pyproject.tomlpoetry.locksetup.cfg/setup.py
and additionally we could allow CLI options/switches/arguments to set the data like
- ~~
meta.component.vendor~~meta.component.group meta.component.namemeta.component.version
any thoughts, @madpah , @SaberStrat ?
Thanks for the quick response. The additional data sounds good, though metadata.component.vendor isn't defined in the CycloneDX specs. More fields are possible, but aside from the required metadata.component.type, .name and .version are probably a valid minimum.
If absolutely no one else is in dire need of an issue to work on, I could tackle it. But can't provide an ETA.
This is an interesting idea - thanks for raising @SaberStrat.
Being able to accurately populate meta.component would be great, and my view is that parsing data from the example files called out by @jkowalleck would be the only sane approach. Having configuration options to provide this data could also be an option too. Which options would work best for your use case @SaberStrat ?
As far as I know, we don't even use a Python-specific build tool/system. Just plain conda. So for me, as of right now, CLI options would cover my use cases.
If the build config files allow for a definition of the metadata.components, then for consistency sake that should be supported as well ofc.
This is a big issue for us. Hierarchical merge requires a component to exist and working around it is a big hack. Would it be possible to at least have cli options to give component information to this tool and populate the field.
sure, it is possible. :-) Feel free to contribute(pullrequest) a solution.
We are currently in a feature-freeze phase for v1-v3,
while we are creating the next major version, v4.
Development is done in dev/4.x.x branch. New features should be branched from there and be pull-requested to this branch.
see PEP621 https://peps.python.org/pep-0621 see https://packaging.python.org/en/latest/specifications/declaring-project-metadata/#declaring-project-metadata
@jkowalleck Any plans on supporting myproject.toml for not only the bom metadata, but for dependencies as well?
re: https://github.com/CycloneDX/cyclonedx-python/issues/391#issuecomment-1846148976
this would be a different topic.
the dependencies in pyproject.toml would act as a root-filter for the from environment source. see https://github.com/CycloneDX/cyclonedx-python/issues/614
This feature will be part of the next/upcoming major release.
Changelog: see https://github.com/CycloneDX/cyclonedx-python/pull/605
Install via: pip install cyclonedx-bom==4.0.0rc1