cyclonedx-python-lib

cyclonedx-python-lib copied to clipboard

CycloneDX python library is maintained by volunteers, and drive by members of the CycloneDX community. Feel free to contribute the bits and pieces you or your organization needs. If you...

jkowalleck

Dependency warning for root component only

3

If I create an SBOM with only a root component as follows: ```python from cyclonedx.model.bom import Bom, BomMetaData from cyclonedx.model.component import Component from cyclonedx.output.json import JsonV1Dot6 bom = Bom(metadata=BomMetaData(component=Component(name="test",version="1.2"))) print(JsonV1Dot6(bom).output_as_string())...

weichslgartner

feat!: v8.0.0

5

### BREAKING Changes * Removed `cyclonedx.mode.ThisTool`, utilize `cyclonedx.builder.this.this_tool()` instead. * Moved `cyclonedx.model.Tool` to `cyclonedx.model.tool.Tool`. * Property `cyclonedx.mode.bom.BomMetaData.tools` is of type `cyclonedx.model.tool.ToolRepository` now, was `SortedSet[cyclonedx.model.Tool]`. The getter will act accordingly; the...

jkowalleck

feat: support services data object

5

- Added (an initial definition of) the "Data" class and other related classes that seemed missing, in the service.py model. - Substituted use of DataClassification class to Data class in...

lucamrgs

feat: Data object for Service properties

4

Dear implementers, it appears to me that the Data object for the Services property is not correctly implemented (see https://cyclonedx.org/docs/1.6/json/#services_items_data). I am trying to instantiate a Service, and upon populating...

lucamrgs

see https://docs.pypi.org/trusted-publishers/

jkowalleck

Include BomRef within Component hash calculation

5

Fixes #540, #677

wkoot

Deserialization silently loads broken bom

3

It seems that deserialization silently loads broken bom data, omitting components due to deduplication. For reproduction, refer to the sample testdata output as produced in https://github.com/CycloneDX/cyclonedx-cli/issues/399: ```json { "bomFormat": "CycloneDX",...

wkoot

do not add self to `metadata.tools`

2

If the `Bom.metadata.tools` are found empty, this library adds an entry to it, to represent itself. This might look like a cute idea at first, but it alters the original...

jkowalleck

Bumps [python-semantic-release/python-semantic-release](https://github.com/python-semantic-release/python-semantic-release) from 9.1.1 to 9.8.8. Release notes Sourced from python-semantic-release/python-semantic-release's releases. v9.8.8 (2024-09-01) Fixes config: fix path traversal detection for windows compatibility (#1014, 16e6daa) Documentation configuration: update build_command env...

dependabot[bot]