
feat: `metadata.tools` support `components`&`services`

Open maitrey opened this issue 1 year ago • 5 comments

Hi !

Version cyclonedx-python-lib: 6.4.1
Platform: Windows
Python Version: 3.12
Input(s):

  1. My goal is to achieve the xml output in the format:
<?xml version="1.0" ?>
<bom xmlns="http://cyclonedx.org/schema/bom/1.5" serialNumber="urn:uuid:dcfe183f-da82-43c3-93f4-8dcdb80a6796" version="1">
  <metadata>
    <timestamp>2024-02-29T15:03:19.775602+00:00</timestamp>
    <tools>
        <components>
          <component type="application" bom-ref="None">
            <supplier>
              <name>Test Company</name>
            </supplier>
            <name>testtool</name>
            <version>1.0.0</version>
          </component>
        </components>
      </tools>

For which the code written is:

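# Import paths as in cyclonedx-python-lib 6.x, the version reported above
from cyclonedx.model import OrganizationalEntity
from cyclonedx.model.bom import Bom
from cyclonedx.model.component import Component, ComponentType

bom = Bom()
testcomp = Component(
    name='testtool',
    type=ComponentType.APPLICATION,
    version='1.0.0',
    supplier=OrganizationalEntity(name='Test Company'),
)
# Wrap the component in another Component and add that to metadata.tools
toollist = Component(name="Test", components=[testcomp])
bom.metadata.tools.add(toollist)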

Expected Output(s):

<?xml version="1.0" ?>
<bom xmlns="http://cyclonedx.org/schema/bom/1.5" serialNumber="urn:uuid:dcfe183f-da82-43c3-93f4-8dcdb80a6796" version="1">
  <metadata>
    <timestamp>2024-02-29T15:03:19.775602+00:00</timestamp>
    <tools>
        <components>
          <component type="application" bom-ref="None">
            <supplier>
              <name>Test Company</name>
            </supplier>
            <name>testtool</name>
            <version>1.0.0</version>
          </component>
        </components>
      </tools>

Actual Output(s):

<?xml version="1.0" ?>
<bom xmlns="http://cyclonedx.org/schema/bom/1.5" serialNumber="urn:uuid:dcfe183f-da82-43c3-93f4-8dcdb80a6796" version="1">
  <metadata>
    <timestamp>2024-02-29T15:03:19.775602+00:00</timestamp>
    <tools>
      <tool type="library" bom-ref="None">
        <name>Test</name>
        <components>
          <component type="application" bom-ref="None">
            <supplier>
              <name>Test Company</name>
            </supplier>
            <name>testtool</name>
            <version>1.0.0</version>
          </component>
        </components>
      </tool>
   </tools>

So far it looks to me that the Tool class does not support adding components:

https://cyclonedx.org/docs/1.5/json/#metadata_tools_oneOf_i0_components
https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/cyclonedx/model/__init__.py#L1231

Rather, it supports the older formats: https://cyclonedx.org/docs/1.5/json/#tab-pane_metadata_tools_oneOf_i1

My code fails at the XMLValidation step, as the Tool class expects the legacy format tags. Could you please check this issue and get back? Many thanks!

maitrey, Mar 01 '24 05:03
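Added example, not part of the issue or of cyclonedx-python-lib: a standard-library check that tells which form a CycloneDX 1.5 XML BOM uses under `<metadata><tools>` and flags the shape shown in the "Actual Output(s)" above, where a legacy `<tool>` wraps `<components>`. The function names, the sample documents (constructed, modelled on the issue's snippets) and the set of allowed legacy `<tool>` children are assumptions to check against the 1.5 XSD.

```python
import xml.etree.ElementTree as ET

NS = "http://cyclonedx.org/schema/bom/1.5"
# Assumption: children of the legacy <tool> form in the 1.5 XML schema;
# verify against the XSD before relying on this set.
LEGACY_TOOL_CHILDREN = {"vendor", "name", "version", "hashes", "externalReferences"}

def local(tag):
    """Split '{namespace}name' into (namespace, name)."""
    if tag.startswith("{"):
        ns, _, name = tag[1:].partition("}")
        return ns, name
    return "", tag

def classify_tools(bom_xml):
    """Return (form, problems) for <metadata>/<tools> of a 1.5 BOM."""
    root = ET.fromstring(bom_xml)
    tools = root.find(f"{{{NS}}}metadata/{{{NS}}}tools")
    if tools is None:
        return "absent", []
    names = [local(c.tag)[1] for c in tools if local(c.tag)[0] == NS]
    legacy = "tool" in names
    modern = "components" in names or "services" in names
    problems = []
    if legacy and modern:
        problems.append("<tools> mixes legacy <tool> with <components>/<services>")
    for tool in tools.findall(f"{{{NS}}}tool"):
        for child in tool:
            ns, name = local(child.tag)
            if ns == NS and name not in LEGACY_TOOL_CHILDREN:
                problems.append(f"legacy <tool> contains <{name}>")
    form = ("mixed" if legacy and modern else
            "legacy" if legacy else "modern" if modern else "empty")
    return form, problems

# Constructed sample documents, reduced from the issue's expected/actual output.
def make_bom(tools_body):
    return (f'<bom xmlns="{NS}" version="1"><metadata><tools>'
            f'{tools_body}</tools></metadata></bom>')

COMPONENT = ('<component type="application"><name>testtool</name>'
             '<version>1.0.0</version></component>')
EXPECTED = make_bom(f"<components>{COMPONENT}</components>")
ACTUAL = make_bom(f"<tool><name>Test</name><components>{COMPONENT}</components></tool>")

if __name__ == "__main__":
    for label, doc in (("expected", EXPECTED), ("actual", ACTUAL)):
        print(label, classify_tools(doc))
```

This is a structural pre-check only; it does not replace validating the BOM against the schema.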

The current state of this library does not support Components nor Services in `$.metadata.tools`.

This library is a community effort. Feel free to donate the missing feature. Please follow our guidelines: https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/CONTRIBUTING.md

jkowalleck, Mar 01 '24 07:03

related: https://github.com/CycloneDX/cyclonedx-python-lib/issues/597

jkowalleck, Apr 24 '24 09:04

I am working on this feat as time permits.

saquibsaifee, Jun 14 '24 15:06

I am also working on this. Hope to have something soon.

jkugler, Jun 14 '24 16:06

implementation finished

jkowalleck, Sep 16 '24 18:09

was released via https://github.com/CycloneDX/cyclonedx-python-lib/releases/tag/v8.0.0

jkowalleck, Oct 14 '24 12:10