- docs: remove invalid docstring note about auto-assigned `bom-ref` values (#733) (5aa5787)
- feat: support CycloneDX 1.6.1 (#742)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (55eafed)
- feat: add factory method `XsUri.make_bom_link()` (#728)
Signed-off-by: Saquib Saifee <saquibsaifee@ibm.com>
Co-authored-by: Saquib Saifee <saquibsaifee@ibm.com> (5ec73d0)
- fix: no warning for missing dependencies if no component exists (#720)
Signed-off-by: weichslgartner <weichslgartner@gmail.com> (d9c3ded)
- doc: fix `Definitions` docstring (#731)
Signed-off-by: Hakan Dilek <hakandilek@gmail.com> (5860b67)
- docs: revisit examples readme (#725)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (e9020f0)
- feat: add basic support for Definitions (#701)
Signed-off-by: Hakan Dilek <hakandilek@gmail.com> (a1573e5)
- fix: encode quotation mark in URL (#724)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (a7c7c97)
- feat: Add Python 3.13 support (#718)
Signed-off-by: gruebel <anton.gruebel@gmail.com> (d4be3ba)
- docs: fix code examples regarding outputting (#709)
Signed-off-by: Hakan Dilek <hakandilek@gmail.com> (c72d5f4)
- feat: add support for Lifecycles in BOM metadata (#698)
Signed-off-by: Johannes Feichtner <johannes@web-wack.at>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: Johannes Feichtner <343448+Churro@users.noreply.github.com>
Co-authored-by: Jan Kowalleck <jan.kowalleck@gmail.com> (6cfeb71)
- feat!: v8.0.0 (#665)
  - Removed `cyclonedx.mode.ThisTool`, utilize `cyclonedx.builder.this.this_tool()` instead.
  - Moved `cyclonedx.model.Tool` to `cyclonedx.model.tool.Tool`.
  - Property `cyclonedx.mode.bom.BomMetaData.tools` is of type `cyclonedx.model.tool.ToolRepository` now, was `SortedSet[cyclonedx.model.Tool]`.
    The getter will act accordingly; the setter might act in a backwards-compatible way.
  - Property `cyclonedx.mode.vulnerability.Vulnerability.tools` is of type `cyclonedx.model.tool.ToolRepository` now, was `SortedSet[cyclonedx.model.Tool]`.
    The getter will act accordingly; the setter might act in a backwards-compatible way.
  - Constructor `cyclonedx.model.license.LicenseExpression()` accepts optional argument `acknowledgement` only as key-word argument, no longer as positional argument.
  - Constructor of `cyclonedx.model.bom.BomMetaData` also accepts an instance of `cyclonedx.model.tool.ToolRepository` for argument `tools`.
  - Constructor of `cyclonedx.model.bom.BomMetaData` no longer adds this very library as a tool.
    Downstream users SHOULD add it manually, like `my-bom.metadata.tools.components.add(cyclonedx.builder.this.this_component())`.
  - Deserialization of CycloneDX that do not include tools in the metadata are no longer unexpectedly modified/altered.
  Enabled Metadata Tools representation and serialization in accordance with CycloneDX 1.5
  - New class `cyclonedx.model.tool.ToolRepository`.
  - New function `cyclonedx.builder.this.this_component()` -- representation of this very python library as a `Component`.
  - New function `cyclonedx.builder.this.this_tool()` -- representation of this very python library as a `Tool`.
  - New function `cyclonedx.model.tool.Tool.from_component()`.
  - Raised runtime dependency `py-serializable>=1.1.1,<2`, was `>=1.1.0,<2`.
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: Joshua Kugler <tek30584@adobe.com>
Signed-off-by: semantic-release <semantic-release@bot.local>
Co-authored-by: Joshua Kugler <joshua@azariah.com>
Co-authored-by: semantic-release <semantic-release@bot.local> (002f966)
- docs(changelog): omit chore/ci/refactor/style/test/build (#703)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (a210809)
- docs: fix some doc strings
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (4fa8fc1)
- fix: behavior of and typing for crypto setters with optional values (#694)
fixes #690
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (d8b20bd)
- fix: file copyright headers (#676)
utilizes flake8 plugin <https://pypi.org/project/flake8-copyright-validator/> to assert the correct headers
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (35e00b4)
- feat: `HashType.from_composite_str` for Blake2b, SHA3, Blake3 (#663)
The code mistreated hashes for Blake2b and SHA3. Code for explicitly handling SHA1 & BLAKE3 was added, as those have no variants defined in the CycloneDX specification.
fixes #652
Signed-off-by: Michael Schlenker <michael.schlenker@contact-software.com>
Co-authored-by: Michael Schlenker <michael.schlenker@contact-software.com>
Co-authored-by: Jan Kowalleck <jan.kowalleck@gmail.com> (c59036e)
- fix: XML serialize `normalizedString` and `token` properly (#646)
fixes #638
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (b40f739)
- feat: add workaround property for v1.5 and v1.6 (#642)
Property `workaround` was missing from the vulnerability model. It was added in spec v1.5 and was marked as TODO before.
This is my first contribution on this project, so if I have done something wrong, just tell me 😃
Signed-off-by: Louis Maillard <louis.maillard@savoirfairelinux.com>
Signed-off-by: Louis Maillard <louis.maillard@protonmail.com>
Co-authored-by: Louis Maillard <louis.maillard@savoirfairelinux.com> (b5ebcf8)
- docs: exclude dep bumps from changelog (#627)
fixes #616
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (60361f7)
- fix: `cyclonedx.model.Property.value` value is optional (#631)
`cyclonedx.model.Property.value` value is optional, in accordance with the spec.
fixes #630
Signed-off-by: Michael Schlenker <michael.schlenker@contact-software.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Co-authored-by: Michael Schlenker <michael.schlenker@contact-software.com>
Co-authored-by: Jan Kowalleck <jan.kowalleck@gmail.com> (ad0f98b)
- docs: OSSP best practice percentage
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (75f58dc)
- feat: updated SPDX license list to `v3.24.0` (#622)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (3f9770a)
- fix: allow suppliers with empty-string names (#611)
fixes #600
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (b331aeb)
- fix: json validation allow arbitrary `$schema` value (#613)
fixes #612
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (08b7c60)
- fix: properly sort components based on all properties (#599)
reverts #587 - as this one introduced errors
fixes #598
fixes #586
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: Paul Horton <paul.horton@owasp.org>
Co-authored-by: Paul Horton <paul.horton@owasp.org> (8df488c)
- fix: include all fields of `Component` in `__lt__` function for #586 (#587)
Fixes #586.
Signed-off-by: Paul Horton <paul.horton@owasp.org> (d784685)
- feat: license factory set `acknowledgement` (#593)
add a parameter to `LicenseFactory.make_*()` methods, to set the `LicenseAcknowledgement`.
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (7ca2455)
- feat: disjunctive license acknowledgement (#591)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (9bf1839)
- doc: poor merge resolved
Signed-off-by: Paul Horton <paul.horton@owasp.org> (a498faa)
- docs: missing schema support table & update schema support to reflect version 7.0.0 (#584)
Signed-off-by: Paul Horton <paul.horton@owasp.org> (d230e67)
- feat: support `bom.properties` for CycloneDX v1.5+ (#585)
Signed-off-by: Paul Horton <paul.horton@owasp.org> (1d1c45a)
- feat!: Support for CycloneDX v1.6
  - added draft v1.6 schemas and boilerplate for v1.6
    Signed-off-by: Paul Horton <paul.horton@owasp.org>
  - re-generated test snapshots for v1.6
    Signed-off-by: Paul Horton <paul.horton@owasp.org>
  - note `bom.metadata.manufacture` as deprecated
    Signed-off-by: Paul Horton <paul.horton@owasp.org>
  - work on `bom.metadata` for v1.6
    Signed-off-by: Paul Horton <paul.horton@owasp.org>
  - Deprecated `.component.author`. Added `.component.authors` and `.component.manufacturer`
    Signed-off-by: Paul Horton <paul.horton@owasp.org>
  - work to add `.component.omniborid` - but deserialisation tests fail due to schema differences (`.component.author` not in 1.6)
    Signed-off-by: Paul Horton <paul.horton@owasp.org>
  - work to get deserialization tests passing
    Signed-off-by: Paul Horton <paul.horton@owasp.org>
  - chore(deps): bump `py-serializable` to >=1.0.3 to resolve issues with deserialization to XML
    Signed-off-by: Paul Horton <paul.horton@owasp.org>
  - imports tidied
    Signed-off-by: Paul Horton <paul.horton@owasp.org>
  - properly added `.component.swhid`
    Signed-off-by: Paul Horton <paul.horton@owasp.org>
  - add `.component.cryptoProperties` - with test failures for SchemaVersion < 1.6
    Signed-off-by: Paul Horton <paul.horton@owasp.org>
  - typing and bandit ignores
    Signed-off-by: Paul Horton <paul.horton@owasp.org>
  - coding standards
    Signed-off-by: Paul Horton <paul.horton@owasp.org>
  - test filtering
    Signed-off-by: Paul Horton <paul.horton@owasp.org>
  - coding standards
    Signed-off-by: Paul Horton <paul.horton@owasp.org>
  - additional tests to increase code coverage
    Signed-off-by: Paul Horton <paul.horton@owasp.org>
  - corrected CryptoMode enum
    Signed-off-by: Paul Horton <paul.horton@owasp.org>
  - coding standards
    Signed-off-by: Paul Horton <paul.horton@owasp.org>
  - Added `address` to `organizationalEntity`
    Signed-off-by: Paul Horton <paul.horton@owasp.org>
  - Added `address` to `organizationalEntity`
    Signed-off-by: Paul Horton <paul.horton@owasp.org>
  - raise `UserWarning` if `.component.version` has length > 1024
    Signed-off-by: Paul Horton <paul.horton@owasp.org>
  - coding standards and typing
    Signed-off-by: Paul Horton <paul.horton@owasp.org>
  - add `acknowledgement` to `LicenseExpression` (#582)
    Signed-off-by: Paul Horton <paul.horton@owasp.org>
  - more proper way to filter test cases
    Signed-off-by: Paul Horton <paul.horton@owasp.org>
  - update schema to published versions
    Signed-off-by: Paul Horton <paul.horton@owasp.org>
  - fetch schema 1.6 JSON
    Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
  - fetch test data for CDX 1.6
    Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
  - reformat
    Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
  - reformat
    Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
  - refactor
    Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
  - style
    Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
  - refactor
    Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
  - docs
    Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: Paul Horton <paul.horton@owasp.org>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Co-authored-by: Jan Kowalleck <jan.kowalleck@gmail.com> (8bbdf46)
- fix: wrong extra name for xml validation (#571)
Signed-off-by: Christoph Reiter <reiter.christoph@gmail.com> (10e38e2)
- fix: serialization of `model.component.Diff` (#557)
Fixes #556
Signed-off-by: rcross-lc <151086351+rcross-lc@users.noreply.github.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Co-authored-by: Jan Kowalleck <jan.kowalleck@gmail.com> (22fa873)
- build: use poetry v1.8.1 (#560)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (6f81dfa)
- docs: update architecture description and examples (#550)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (a19fd28)
- docs: exclude internal docs from rendering (#545)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (7e55dfe)
- docs
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (63cff7e)
- docs (#546)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (b0e5b43)
- docs: ship docs with `sdist` build (#544)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (52ef01c)
- docs: refactor example
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (c1776b7)
- fix: `model.BomRef` no longer equal to unset peers (#543)
fixes #539
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (1fd7fee)
- docs: add OpenSSF Best Practices shield (#532)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (59c4381)
- feat: support `py-serializable` v1.0 (#531)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (e1e7277)
- docs: add `Documentation` url to project meta
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (1080b73)
- docs: add `Documentation` url to project meta
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (c4288b3)
- feat: enable dependency `py-serializable 0.17` (#529)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (9f24220)
- build: allow additional major-version RC branch patterns
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (f8af156)
- docs: fix typo
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (2563996)
- docs: update intro and description
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (f0bd05d)
- docs: build docs on ubuntu22.04 python311
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (b3e9ab7)
- feat: allow `lxml` requirement in range of `>=4,<6` (#523)
Updates the requirements on lxml to permit the latest version.
updated-dependencies:
- dependency-name: lxml
  dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (7d12b9a)
- docs
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (7dcd166)
- feat: add function to map python `hashlib` algorithms to CycloneDX (#519)
new API: `model.HashType.from_hashlib_alg()`
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (81f8cf5)
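Added example for the composite-hash handling behind the #663 and #519 entries above; it is not cyclonedx-python-lib's own code. It maps spelled-out and hashlib algorithm names onto the spec's hash-alg values, keeps the size-qualified Blake2b/SHA3 variants apart from SHA-1 and BLAKE3 (which have none), and rejects digests whose length does not fit the algorithm. `HashAlgorithm`, the helper names and the sample input are constructed here.

```python
import hashlib
import re
from enum import Enum
from typing import Optional, Tuple


class HashAlgorithm(Enum):
    """Constructed enum; values are the names the CycloneDX schema's hash-alg enumeration allows."""
    MD5 = 'MD5'
    SHA_1 = 'SHA-1'
    SHA_256 = 'SHA-256'
    SHA_384 = 'SHA-384'
    SHA_512 = 'SHA-512'
    SHA3_256 = 'SHA3-256'
    SHA3_384 = 'SHA3-384'
    SHA3_512 = 'SHA3-512'
    BLAKE2B_256 = 'BLAKE2b-256'
    BLAKE2B_384 = 'BLAKE2b-384'
    BLAKE2B_512 = 'BLAKE2b-512'
    BLAKE3 = 'BLAKE3'

# Expected digest length in hex characters, used to reject truncated or padded values.
_HEX_LEN = {
    HashAlgorithm.MD5: 32, HashAlgorithm.SHA_1: 40, HashAlgorithm.SHA_256: 64,
    HashAlgorithm.SHA_384: 96, HashAlgorithm.SHA_512: 128, HashAlgorithm.SHA3_256: 64,
    HashAlgorithm.SHA3_384: 96, HashAlgorithm.SHA3_512: 128, HashAlgorithm.BLAKE2B_256: 64,
    HashAlgorithm.BLAKE2B_384: 96, HashAlgorithm.BLAKE2B_512: 128, HashAlgorithm.BLAKE3: 64,
}
# Families the spec qualifies with a bit length (SHA-2, SHA3, BLAKE2b) ...
_SIZED = {'sha': 'SHA-', 'sha3': 'SHA3-', 'blake2b': 'BLAKE2b-'}
# ... and those it lists exactly once, with no size variant (MD5, SHA-1, BLAKE3).
_UNSIZED = {'md5': HashAlgorithm.MD5, 'sha1': HashAlgorithm.SHA_1,
            'sha-1': HashAlgorithm.SHA_1, 'blake3': HashAlgorithm.BLAKE3}

def normalize_algorithm(name: str) -> HashAlgorithm:
    """Map spellings like 'sha256', 'SHA-256', 'sha3_512' or 'blake2b-384' onto the spec value."""
    key = name.strip().lower().replace('_', '-')
    if key in _UNSIZED:
        return _UNSIZED[key]
    m = re.fullmatch(r'(sha3|sha|blake2b)-?(256|384|512)', key)
    if m is None:
        raise ValueError(f'unsupported hash algorithm: {name!r}')
    family, bits = m.groups()
    return HashAlgorithm(_SIZED[family] + bits)

def from_hashlib_alg(hashlib_name: str) -> Optional[HashAlgorithm]:
    """Map a hashlib name to the spec value; None when the spec lacks it (blake2s, sha512_256, ...)."""
    if hashlib_name == 'blake2b':
        return HashAlgorithm.BLAKE2B_512  # hashlib's default blake2b digest is 64 bytes
    try:
        return normalize_algorithm(hashlib_name)
    except ValueError:
        return None

def from_composite_str(composite: str) -> Tuple[HashAlgorithm, str]:
    """Parse '<algorithm>:<hex digest>' and check the digest length fits the algorithm."""
    alg, sep, value = composite.partition(':')
    if not sep:
        raise ValueError(f'not a composite hash string: {composite!r}')
    algorithm = normalize_algorithm(alg)
    value = value.strip().lower()
    if not re.fullmatch(r'[0-9a-f]+', value):
        raise ValueError('digest is not hexadecimal')
    if len(value) != _HEX_LEN[algorithm]:
        raise ValueError(f'{algorithm.value} digest needs {_HEX_LEN[algorithm]} hex chars, got {len(value)}')
    return algorithm, value

def is_valid_composite(composite: str) -> bool:
    try:
        from_composite_str(composite)
        return True
    except ValueError:
        return False

def _hashlib_for(algorithm: HashAlgorithm):
    """hashlib constructor for the algorithm, or None when the standard library lacks it (BLAKE3)."""
    if algorithm.value.startswith('BLAKE2b-'):
        size = int(algorithm.value.split('-')[1]) // 8
        return lambda data: hashlib.blake2b(data, digest_size=size)
    name = algorithm.value.lower().replace('-', '')  # 'SHA-256' -> 'sha256'
    if name.startswith('sha3'):
        name = 'sha3_' + name[4:]  # 'sha3256' -> 'sha3_256'
    return getattr(hashlib, name, None)

def verify(data: bytes, composite: str) -> Optional[bool]:
    """True/False when data matches the composite hash; None when the algorithm is not computable here."""
    algorithm, expected = from_composite_str(composite)
    ctor = _hashlib_for(algorithm)
    return None if ctor is None else ctor(data).hexdigest() == expected

def composite_str(data: bytes, algorithm: HashAlgorithm) -> str:
    """Render '<spec name>:<hex>' for data, the form a BOM hash entry carries."""
    ctor = _hashlib_for(algorithm)
    if ctor is None:
        raise ValueError(f'{algorithm.value} is not available in hashlib')
    return f'{algorithm.value}:{ctor(data).hexdigest()}'

# Constructed sample input for the demonstration.
SAMPLE = b'hello'
SAMPLE_SHA256 = 'sha256:2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824'
```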
- feat!: v6.0.0 (#492)
  - Removed symbols that were already marked as deprecated (via #493)
  - Removed symbols in `parser.*` (#489 via #495)
  - Removed `output.LATEST_SUPPORTED_SCHEMA_VERSION` (#491 via #494)
  - Serialization of unsupported enum values might downgrade/migrate/omit them (#490 via #496)
    Handling might raise warnings if a data loss occurred due to omitting.
    The result is a guaranteed valid XML/JSON, since no (enum-)invalid values are rendered.
  - Serialization of any `model.component.Component` with unsupported `type` raises `exception.serialization.SerializationOfUnsupportedComponentTypeException` (#490 via #496)
  - Object `model.bom_ref.BomRef`'s property `value` defaults to `Null`, was arbitrary `UUID` (#504 via #505)
    This change does not affect serialization. All `bom-ref`s are guaranteed to have unique values on rendering.
  - Removed helpers from public API (#503 via #506)
  - Created (regression/unit/integration/functional) tests for CycloneDX 1.5 (#404 via #488)
  - Created (regression/functional) tests for Enums' handling and completeness (#490 via #496)
  - Bumped dependency `py-serializable@^0.16`, was `@^0.15` (via #496)
  - Added new sub-package `exception.serialization` (via #496)
  - Removed class `models.ComparableTuple` (#503 via #506)
  - Enum `model.ExternalReferenceType` got new cases, to reflect features for CycloneDX 1.5 (#404 via #488)
  - Removed function `models.get_now_utc` (#503 via #506)
  - Removed function `models.sha1sum` (#503 via #506)
  - Enum `model.component.ComponentType` got new cases, to reflect features for CycloneDX 1.5 (#404 via #488)
  - Removed `model.component.Component.__init__()`'s deprecated optional kwarg `namespace` (via #493)
    Use kwarg `group` instead.
  - Removed `model.component.Component.__init__()`'s deprecated optional kwarg `license_str` (via #493)
    Use kwarg `licenses` instead.
  - Removed deprecated method `model.component.Component.get_namespace()` (via #493)
  - Removed class `models.dependency.DependencyDependencies` (#503 via #506)
  - Removed `model.vulnerability.Vulnerability.__init__()`'s deprecated optional kwarg `source_name` (via #493)
    Use kwarg `source` instead.
  - Removed `model.vulnerability.Vulnerability.__init__()`'s deprecated optional kwarg `source_url` (via #493)
    Use kwarg `source` instead.
  - Removed `model.vulnerability.Vulnerability.__init__()`'s deprecated optional kwarg `recommendations` (via #493)
    Use kwarg `recommendation` instead.
  - Removed `model.vulnerability.VulnerabilityRating.__init__()`'s deprecated optional kwarg `score_base` (via #493)
    Use kwarg `score` instead.
  - Enum `model.vulnerability.VulnerabilityScoreSource` got new cases, to reflect features for CycloneDX 1.5 (#404 via #488)
  - Removed `output.LATEST_SUPPORTED_SCHEMA_VERSION` (#491 via #494)
  - Removed deprecated function `output.get_instance()` (via #493)
    Use function `output.make_outputter()` instead.
  - Added new class `output.json.JsonV1Dot5`, to reflect CycloneDX 1.5 (#404 via #488)
  - Added new item to dict `output.json.BY_SCHEMA_VERSION`, to reflect CycloneDX 1.5 (#404 via #488)
  - Added new class `output.xml.XmlV1Dot5`, to reflect CycloneDX 1.5 (#404 via #488)
  - Added new item to dict `output.xml.BY_SCHEMA_VERSION`, to reflect CycloneDX 1.5 (#404 via #488)
  - Removed class `parser.ParserWarning` (#489 via #495)
  - Removed class `parser.BaseParser` (#489 via #495)
  - Enum `schema.SchemaVersion` got new case `V1_5`, to reflect CycloneDX 1.5 (#404 via #488)
Signed-off-by: Johannes Feichtner <johannes@web-wack.at>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: semantic-release <semantic-release>
Co-authored-by: Johannes Feichtner <343448+Churro@users.noreply.github.com>
Co-authored-by: semantic-release <semantic-release> (74865f8)
- docs: keywords & funding (#486)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (3189e59)
- feat: `model.XsUri` migrate control characters according to spec (#498)
fixes #497
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (e490429)
- fix: update own `externalReferences` (#480)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (edb3dde)
- docs: advance license docs
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (f61a730)
- feat: guarantee unique `BomRef`s in serialization result (#479)
Incorporate `output.BomRefDiscriminator` on serialization
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (a648775)
- docs: revisit project meta (#475)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (c3254d0)
- docs: fix RTFD build (#476)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (b9fcfb4)
- "chore(deps): revert bump python-semantic-release/python-semantic-release (#474)"
This reverts commit 9c3ffac34e89610ccc4f9701444127e1e6f5ee07.
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (aae7304)
- feat!: v5.0.0 (#440)
  - Dropped support for python<3.8 (#436 via #441; enable #433)
  - Reworked license related models, collections, and factories (#365 via #466)
  - Behavior
  - API
    - Enum `schema.SchemaVersion` is no longer string-like (#442 via #447)
    - Enum `schema.OutputVersion` is no longer string-like (#442 via #447)
    - Abstract class `output.BaseOutput` requires implementation of new method `output_format` (#446 via #447)
    - Abstract method `output.BaseOutput.output_as_string()` got new optional parameter `indent` (#437 via #458)
    - Abstract method `output.BaseOutput.output_as_string()` accepts arbitrary kwargs (via #458, #462)
    - Removed class `factory.license.LicenseChoiceFactory` (via #466)
      The old functionality was integrated into `factory.license.LicenseFactory`.
    - Method `factory.license.LicenseFactory.make_from_string()`'s parameter `name_or_spdx` was renamed to `value` (via #466)
    - Method `factory.license.LicenseFactory.make_from_string()`'s return value can also be a `LicenseExpression` (#365 via #466)
      The behavior imitates the old `factory.license.LicenseChoiceFactory.make_from_string()`
    - Renamed class `module.License` to `module.license.DisjunctliveLicense` (#365 via #466)
    - Removed class `module.LicenseChoice` (#365 via #466)
      Use dedicated classes `module.license.DisjunctliveLicense` and `module.license.LicenseExpression` instead
    - All occurrences of `models.LicenseChoice` were replaced by `models.licenses.License` (#365 via #466)
    - All occurrences of `SortedSet[LicenseChoice]` were specialized to `models.license.LicenseRepository` (#365 via #466)
  - Enum
  - Serialization of multi-licenses (#365 via #466)
  - Detect unused "dependent" components in `model.bom.validate()` (via #464)
  - Updated latest supported list of supported SPDX license identifiers (via #433)
  - Shipped schema files are moved to a protected space (via #433)
    These files were never intended for public use.
  - XML output uses a default namespace, which makes results smaller. (#438 via #458)
  - Support for Python 3.12 (via #460)
  - JSON- & XML-Validators (#432, #446 via #433, #448)
    The functionality might require additional dependencies, that can be installed with the extra "validation".
    See the docs in section "Installation" for details.
  - JSON & XML can be generated in a more human-friendly form (#437, #438 via #458)
  - Type hints, typings & overloads for better integration downstream (via #463)
  - API
    - New function `output.make_outputter()` (via #469)
      This replaces the deprecated function `output.get_instance()`.
    - New sub-package `validation` (#432, #446 via #433, #448, #469, #468, #469)
    - New class `exception.MissingOptionalDependencyException` (#432 via #433)
    - New class `exception.LicenseExpressionAlongWithOthersException` (#453 via #452)
    - New dictionaries `output.{json,xml}.BY_SCHEMA_VERSION` (#446 via #447)
    - Existing implementations of class `output.BaseOutput` now have a new method `output_format` (#446 via #447)
    - Existing implementations of method `output.BaseOutput.output_as_string()` got new optional parameter `indent` (#437 via #458)
    - Existing implementations of method `output.BaseOutput.output_to_file()` got new optional parameter `indent` (#437 via #458)
    - New method `factory.license.LicenseFactory.make_with_expression()` (via #466)
    - New class `model.license.DisjunctiveLicense` (#365 via #466)
    - New class `model.license.LicenseExpression` (#365 via #466)
    - New class `model.license.LicenseRepository` (#365 via #466)
    - New class `serialization.LicenseRepositoryHelper` (#365 via #466)
  - New function
  - Function `output.get_instance()` might be removed, use `output.make_outputter()` instead (via #469)
  - Added validation tests with official CycloneDX schema test data (#432 via #433)
  - Use proper snapshots, instead of pseudo comparison (#437 via #464)
  - Added regression test for bug #365 (via #466, #467)
  - Dependencies: bumped `py-serializable@^0.15.0`, was `@^0.11.1` (via #458, #463, #464, #466)
  - Style: streamlined quotes and strings (via #472)
  - Chore: bumped internal dev- and QA-tools (#436 via #441, #472)
  - Chore: added more QA tools to prevent common security issues (via #473)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@owasp.org>
Signed-off-by: semantic-release <semantic-release>
Co-authored-by: semantic-release <semantic-release> (26b151c)
- fix: SPDX-expression-validation internal crashes are caught and handled (#471)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (5fa66a0)
- docs: fix shield in README
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (6a941b1)
- docs(example): showcase `LicenseChoiceFactory` (#428)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (c56ec83)
- fix: ship meta files (#434)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (3a1a8a5)
- fix: `LicenseChoiceFactory.make_from_string()` prioritize SPDX id over expression (#427)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (e1bdfdd)
- feat: complete SPDX license expression (#425)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (e06f9fd)
- docs(examples): showcase shorthand dependency management (#403)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (8b32efb)
- feat: programmatic access to library's version (#417)
adds `cyclonedx.__version__`
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (3585ea9)
- docs(examples): README (#399)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (1d262ba)
- docs: add example how to build and serialize (#397)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (65e22bd)
- fix: conditional warning if no root dependencies were found (#398)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (c8175bb)
- 4.0.1
Automatically generated by python-semantic-release (4a72f51)
- Add missing space in warning message. (#364)
Signed-off-by: Michael Schlenker <michael.schlenker@contact-software.com>
Co-authored-by: Michael Schlenker <michael.schlenker@contact-software.com> (dad0d28)
- feat: Release 4.0.0 (#341)
Highlights of this release include:
  - Support for De-serialization from JSON and XML to this Pythonic Model
  - Deprecation of Python 3.6 support
  - Support for Python 3.11
  - Support for `BomLink`
  - Support VEX without needing `Component` in the same `Bom`
  - Support for `services` having `dependencies`
BREAKING CHANGE: Large portions of this library have been re-written for this release and many methods and contracts have changed.
Signed-off-by: Paul Horton <paul.horton@owasp.org>
  - feat: support VEX without Components in the same BOM
    BREAKING CHANGE: Model classes changed to relocated Vulnerability at Bom, not at Component
    Signed-off-by: Paul Horton <paul.horton@owasp.org>
  - feat: support VEX without Components in the same BOM
    BREAKING CHANGE: Model classes changed to relocated Vulnerability at Bom, not at Component
    Signed-off-by: Paul Horton <paul.horton@owasp.org>
    feat: allow `version` of BOM to be defined
    feat: allow `serial_number` of BOM to be prescribed
    feat: add helper method to get URN for a BOM according to https://www.iana.org/assignments/urn-formal/cdx
    Signed-off-by: Paul Horton <paul.horton@owasp.org>
  - chore: fix release workflow
  - chore: editorconfig
    Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
  - feat: support for deserialization from JSON and XML (#290)
    BREAKING CHANGE:
    - feat: drop Python 3.6 support
    Signed-off-by: Hakan Dilek <hakandilek@gmail.com>
    Signed-off-by: Paul Horton <paul.horton@owasp.org>
    Co-authored-by: Hakan Dilek <hakandilek@gmail.com>
    Co-authored-by: Hakan Dilek <hakandilek@users.noreply.github.com>
  - fix: update `serializable` to include XML safety changes
    Signed-off-by: Paul Horton <paul.horton@owasp.org>
  - feat: Support for Python 3.11 (#349)
    - feat: officially test and support Python 3.11
      Signed-off-by: Paul Horton <paul.horton@owasp.org>
    - removed unused imports
      Signed-off-by: Paul Horton <paul.horton@owasp.org>
    - bump `poetry` to `1.1.12` in CI
      Signed-off-by: Paul Horton <paul.horton@owasp.org>
    - fix: remove `toml` as dependency as not used and seems to be breaking Python 3.11 CI
      Signed-off-by: Paul Horton <paul.horton@owasp.org>
    - fix: removed `types-toml` from dependencies - not used
      Signed-off-by: Paul Horton <paul.horton@owasp.org>
      Signed-off-by: Paul Horton <paul.horton@owasp.org>
    - fix: removed `autopep8` in favour of `flake8` as both have conflicting dependencies now
      Signed-off-by: Paul Horton <paul.horton@owasp.org>
    - chore: bump dev dependencies
      fix: removed `setuptools` as dependency
      Signed-off-by: Paul Horton <paul.horton@owasp.org>
  - tests: component versions optional (#350)
    - chore: exclude `venv*` from QA; add typing to QA
      Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
    - tests: component versions are optional
      Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
    Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
  - doc: doc updates for new deserialization feature
    Signed-off-by: Paul Horton <paul.horton@owasp.org>
  - doc: doc updates for contribution
    Signed-off-by: Paul Horton <paul.horton@owasp.org>
Signed-off-by: Paul Horton <paul.horton@owasp.org>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: Hakan Dilek <hakandilek@gmail.com>
Co-authored-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Co-authored-by: Hakan Dilek <hakandilek@gmail.com>
Co-authored-by: Hakan Dilek <hakandilek@users.noreply.github.com> (8fb1b14)
- 4.0.0
Automatically generated by python-semantic-release (40fbfda)
- fix: make test's schema paths relative to `cyclonedx` package (#338)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (1f0c05f)
- 3.1.5
Automatically generated by python-semantic-release (ba603cf)
- fix(tests): include tests in `sdist` builds (#337)
  - feat: include `tests` in `sdist` builds for #336
  - delete unexpected `DS_Store` file
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (936ad7d)
- 3.1.4
Automatically generated by python-semantic-release (0b19294)
- fix: serialize dependency graph for nested components (#329)
  - tests: regression tests for issue #328
  - fix: for issue #328
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (fb3f835)
- 3.1.3
Automatically generated by python-semantic-release (11a420c)
- docs: typo
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (539b57a)
- docs: fix shields (#324)
caused by badges/shields#8671
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (555dad4)
- docs: fix typo (#318)
Signed-off-by: Roland Weber <rolweber@de.ibm.com> (63bfb87)
- fix: prevent errors on metadata handling for some specification versions (#330)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (f08a656)
- 3.1.2
Automatically generated by python-semantic-release (0853d14)
- clarify sign-off step (#319)
Signed-off-by: Roland Weber <rolweber@de.ibm.com> (007fb96)
- fix: type hint for `get_component_by_purl` is incorrect
chore: force automated release
Signed-off-by: Paul Horton <paul.horton@owasp.org> (3f20bf0)
- 3.1.1
Automatically generated by python-semantic-release (503955e)
- Merge pull request #310 from gruebel/fix-method-type-hint
fix: type hint for `get_component_by_purl` is incorrect (06037b9)
- move tests to model bom file
Signed-off-by: gruebel <anton.gruebel@gmail.com> (4c8a3ab)
- fix type hint for `get_component_by_purl`
Signed-off-by: gruebel <anton.gruebel@gmail.com> (735c05e)
- feat: out-factor SPDX compound detection
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (fd4d537)
- feat: out-factor SPDX compound detection
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (2b69925)
- feat: license factories
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (033bad2)
- 3.1.0
Automatically generated by python-semantic-release (e52c174)
- Merge pull request #305 from CycloneDX/license-factories
feat: add license factories to more easily support creation of `License` or `LicenseChoice` from SPDX license strings #304 (5ff4494)
- Merge pull request #301 from CycloneDX/fix-poetry-in-tox
chore: fix poetry in tox (92aea8d)
- remove v3 from CHANGELOG #286 (#287)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (7029721)
- 3.0.0
Automatically generated by python-semantic-release (69582ff)
- fix: pinned `mypy <= 0.961` due to #278
Signed-off-by: Paul Horton <paul.horton@owasp.org> (d6955cb)
- fix: properly support nested `components` and `services` #275
Signed-off-by: Paul Horton <paul.horton@owasp.org> (6597db7)
- Merge pull request #276 from CycloneDX/fix/bom-validation-nested-components-isue-275
fix: BOM validation fails when Components or Services are nested #275
fix: updated dependencies #271, #270, #269 and #256 (68a0cdd)
- Merge branch 'main' into fix/bom-validation-nested-components-isue-275 (6caee65)
- added tests to cover new `Component.get_all_nested_components()` method
Signed-off-by: Paul Horton <paul.horton@owasp.org> (75a77ed)
- Revert "chore: re-added `isort` to pre-commit hooks"
This reverts commit f50ee1eb79f3f4e5b9d21824e64192d0af43d3f0.
Signed-off-by: Paul Horton <paul.horton@owasp.org> (5f7f30e)
- removed tests where services are part of dependency tree - see #277
Signed-off-by: Paul Horton <paul.horton@owasp.org> (f26862b)
- added XML output tests for Issue #275
Signed-off-by: Paul Horton <paul.horton@owasp.org> (ebef5f2)
- updated XML output tests
Signed-off-by: Paul Horton <paul.horton@owasp.org> (356c37e)
- addressed JSON output for #275 including test additions
Signed-off-by: Paul Horton <paul.horton@owasp.org> (692c005)
- feat: support for CycloneDX schema `1.4.2` - adds `vulnerability.properties` to the schema (32e7929)
- feat: support for CycloneDX schema version `1.4.2` - Provides support for `vulnerability.properties`
Signed-off-by: Paul Horton <paul.horton@owasp.org> (db7445c)
- feat: added updated CycloneDX 1.4.2 schemas
Signed-off-by: Paul Horton <paul.horton@owasp.org> (7fb27ae)
- 2.7.0
Automatically generated by python-semantic-release (96d155e)
- feat: reduce unnecessary type casting of `set`/`SortedSet` (#203)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (089d971)
- 2.6.0
Automatically generated by python-semantic-release (8481e9b)
- fix: add expected lower-than comparators for `OrganizationalEntity` and `VulnerabilityCredits` (#248)
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (0046ee1)
- 2.5.2
Automatically generated by python-semantic-release (fb9a796)
- fix: add missing `Vulnerability` comparator for sorting (#246)
Partial fix for #245.
Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> (c3f3d0d)
- 2.5.1
Automatically generated by python-semantic-release (1ea5b20)
- build: move typing to dev-dependencies
Move `types-setuptools` and `types-toml` to dev-dependencies (#226)
Signed-off-by: Adam Johnson <me@adamj.eu> (0e2376b)
- docs: fix typo "This is out" -> "This is our"
Fix typo in comments: "This is out" -> "This is our" (#233)
Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> (ef0278a)
- feat: use `SortedSet` in model to improve reproducibility - this will provide predictable ordering of various items in generated CycloneDX documents - thanks to @RodneyRichardson
Signed-off-by: Paul Horton <paul.horton@owasp.org> (8a1c404)
- 2.5.0
Automatically generated by python-semantic-release (c820423)
- Merge pull request #235 from RodneyRichardson/use-sorted-set
feat: use `SortedSet` in model to improve reproducibility - this will provide predictable ordering of various items in generated CycloneDX documents - thanks to @RodneyRichardson (c43f6d8)
- Merge branch 'CycloneDX:main' into use-sorted-set (1b8ac25)
- Fix SortedSet type hints for python < 3.8
Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> (71eeb4a)
- Fix line length warning.
Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> (e9ee712)
- Fix more type hints for python < 3.8
Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> (f042bce)
- Fix SortedSet type hints for python < 3.8
Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> (2e283ab)
- Fix type hint on ComparableTuple
Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> (43ef908
)
- Sort usings.
Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> (8f86c12
)
- Fix sonatype-lift warnings
Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> (f1e92e3
)
- Fix warnings.
Change tuple -> Tuple Fix Diff initialization Add sorting to AttachedText
Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> (2b47ff6
)
- Reduce sortedcontainers.pyi to only the functions used.
Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> (ef0fbe2
)
- Remove flake8 warnings
Remove unused imports and trailing whitespace. Sort usings in pyi file.
Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> (41d1bee
)
- Add type hints for SortedSet
Fix use of set/Set.
Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> (df0f554
)
- Replace object type hint in lt with Any
Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> (ec22f68
)
- Make reorder() return type explicit List (as flagged by sonatype-lift bot)
Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> (695ee86
)
- Use SortedSet in model to improve reproducibility
Added __lt__()
to all model classes used in SortedSet, with tests
Explicitly declared Enums as (str, Enum) to allow sorting
Added dependency to sortedcollections package
Signed-off-by: Rodney Richardson <rodney.richardson@cambridgeconsultants.com> (368f522
)
- feat(deps): remove unused
typing-extensions
constraints
PullRequest and details via #224
Signed-off-by: gruebel <anton.gruebel@gmail.com> (2ce358a
)
- 2.4.0
Automatically generated by python-semantic-release (4874354
)
- revert
types-toml
on lowest setup (32ece98
)
- feat: add support for Dependency Graph in Model and output serialisation
Signed-off-by: Paul Horton <paul.horton@owasp.org> (ea34513)
- 2.3.0
Automatically generated by python-semantic-release (5c1047a)
- Merge pull request #210 from CycloneDX/feat/support-bom-dependencies
feat: add support for Dependency Graph in Model and output serialisation (JSON and XML) (938169c)
- Merge pull request #214 from CycloneDX/feat/support-bom-dependencies-no-cast
no cast (2551545)
- no cast
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (dec3b70)
- update to use `Set` operators (more Pythonic)
Signed-off-by: Paul Horton <paul.horton@owasp.org> (f01665e)
- missing closing `>` in `BomRef.__repr__`
Signed-off-by: Paul Horton <paul.horton@owasp.org> (2c7c4be)
- removed unnecessary condition - `self.get_bom().components` is always a `Set`
Signed-off-by: Paul Horton <paul.horton@owasp.org> (5eb5669)
- added additional tests to validate Component in Metadata is properly represented in Dependency Graph
Signed-off-by: Paul Horton <paul.horton@owasp.org> (b8d526e)
- adjusted unit tests to account for inclusion of Component in Bom Metadata in Dependency Graph
Signed-off-by: Paul Horton <paul.horton@owasp.org> (c605f2b)
- updates based on feedback from @jkowalleck
Signed-off-by: Paul Horton <paul.horton@owasp.org> (04511f3)
- Merge branch 'feat/support-bom-dependencies' of github.com:CycloneDX/cyclonedx-python-lib into feat/support-bom-dependencies (8fb408c)
- doc: updated docs to reflect support for Dependency Graph
Signed-off-by: Paul Horton <paul.horton@owasp.org> (a680544)
- updated file hash in test
Signed-off-by: Paul Horton <paul.horton@owasp.org> (56f3d5d)
- removed unused import
Signed-off-by: Paul Horton <paul.horton@owasp.org> (61c3338)
- doc: updated docs to reflect support for Dependency Graph
Signed-off-by: Paul Horton <paul.horton@owasp.org> (3df017f)
- updated file hash in test
Signed-off-by: Paul Horton <paul.horton@owasp.org> (449cb1e)
- removed unused import
Signed-off-by: Paul Horton <paul.horton@owasp.org> (f487c4a)
- feat: Bump XML schemas to latest fix version for 1.2-1.4 - see: CycloneDX/specification#122
Signed-off-by: Paul Horton <phorton@sonatype.com> (bd2e756)
- feat: bump JSON schemas to latest fix version for 1.2 and 1.3 - see:
Signed-off-by: Paul Horton <phorton@sonatype.com> (bd6a088)
- 2.2.0
Automatically generated by python-semantic-release (67ecfac)
- Merge pull request #207 from CycloneDX/feat/update-schemas
feat: Update CycloneDX Schemas to latest patch versions (2c55cb5)
- mark schema files as vendored
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (a9c3e77)
- Merge pull request #191 from CycloneDX/feat/pre-commit-hooks
[DEV] Add pre-commit hooks (91ceeb1)
- fix: prevent error if `version` not set
Signed-off-by: Paul Horton <phorton@sonatype.com> (b9a84b5)
- 2.1.1
Automatically generated by python-semantic-release (f78d608)
- Merge pull request #194 from CycloneDX/fix/json-output-version-optional-bug-193
fix: `version` being optional in JSON output can raise error (6f7e09a)
- feat: output errors are verbose
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (bfe8fb1)
- fix: `version` being optional in JSON output can raise error
Signed-off-by: Paul Horton <phorton@sonatype.com> (ba0c82f)
- 2.1.0
Automatically generated by python-semantic-release (c58f8f8)
- Merge pull request #198 from CycloneDX/verbose_outout_errors
fix: improved output errors - file/directory is now included (4618c62)
- updated to be more pythonic
Signed-off-by: Paul Horton <phorton@sonatype.com> (a1bbf00)
- doc: added CONTRIBUTING to public docs
doc: included pre-commit hooks in CONTRIBUTING
Signed-off-by: Paul Horton <phorton@sonatype.com> (f38215f)
- Merge pull request #182 from CycloneDX/sort-imports
style: sort imports (aa37e56)
- feat: bump dependencies
BREAKING CHANGE: Adopt PEP-3102
BREAKING CHANGE: Optional Lists are now non-optional Sets
BREAKING CHANGE: Remove concept of DEFAULT schema version - replaced with LATEST schema version
BREAKING CHANGE: Added `BomRef` data type
Signed-off-by: Paul Horton <phorton@sonatype.com> (da3f0ca)
- feat: completed work on #155 (#172)
fix: resolved #169 (part of #155)
feat: as part of solving #155, #147 has been implemented
Signed-off-by: Paul Horton <phorton@sonatype.com> (a926b34)
- feat: support complete model for `bom.metadata` (#162)
  - feat: support complete model for `bom.metadata`
    fix: JSON comparison in unit tests was broken
    chore: corrected some source license headers
    Signed-off-by: Paul Horton <phorton@sonatype.com> (2938a6c)
- feat: support for `bom.externalReferences` in JSON and XML #124
Signed-off-by: Paul Horton <phorton@sonatype.com> (1b733d7)
- feat: Complete support for `bom.components` (#155)
  - fix: implemented correct `__hash__` methods in models (#153)
    Signed-off-by: Paul Horton <phorton@sonatype.com> (32c0139)
- feat: support services in XML BOMs
feat: support nested services in JSON and XML BOMs
Signed-off-by: Paul Horton <phorton@sonatype.com> (9edf6c9)
- fix: `license_url` not serialised in XML output #179 (#180)
Signed-off-by: Paul Horton <phorton@sonatype.com> (f014d7c)
- fix: `Component.bom_ref` is not Optional in our model implementation (in the schema it is) - we generate a UUID if `bom_ref` is not supplied explicitly
Signed-off-by: Paul Horton <phorton@sonatype.com> (5c954d1)
- fix: temporary fix for `__hash__` of Component with `properties` #153
Signed-off-by: Paul Horton <phorton@sonatype.com> (a51766d)
- fix: further fix for #150
Signed-off-by: Paul Horton <phorton@sonatype.com> (1f55f3e)
- fix: regression introduced by first fix for #150
Signed-off-by: Paul Horton <phorton@sonatype.com> (c09e396)
- fix: Components with no version (optional since 1.4) produce invalid BOM output in XML #150
Signed-off-by: Paul Horton <phorton@sonatype.com> (70d25c8)
- fix: `expression` not supported in Component Licenses for version 1.0
Signed-off-by: Paul Horton <phorton@sonatype.com> (15b081b)
- 2.0.0
Automatically generated by python-semantic-release (a4af3dc)
- Merge pull request #148 from CycloneDX/feat/add-bom-services (631e400)
- Merge branch 'main' into feat/add-bom-services (9a32351)
- doc: added RTD badge to README
Signed-off-by: Paul Horton <phorton@sonatype.com> (b20d9d1)
- implemented `__str__` for `BomRef`
Signed-off-by: Paul Horton <phorton@sonatype.com> (670bde4)
- Continuation of #170 - missed updating Vulnerability to use `BomRef` (#175)
  - BREAKING CHANGE: added new model `BomRef` unlocking logic later to ensure uniqueness and dependency references
    Signed-off-by: Paul Horton <phorton@sonatype.com>
  - updated Vulnerability to also use new `BomRef` model
    Signed-off-by: Paul Horton <phorton@sonatype.com> (0d82c01)
- BREAKING CHANGE: added new model `BomRef` unlocking logic later to ensure uniqueness and dependency references (#174)
Signed-off-by: Paul Horton <phorton@sonatype.com> (d189f2c)
- BREAKING CHANGE: replaced concept of default schema version with latest supported #171 (#173)
Signed-off-by: Paul Horton <phorton@sonatype.com> (020fcf0)
- BREAKING CHANGE: Updated default schema version to 1.4 from 1.3 (#164)
Signed-off-by: Paul Horton <phorton@sonatype.com> (9b6ce4b)
- BREAKING CHANGE: update models to use `Set` rather than `List` (#160)
  - BREAKING CHANGE: update models to use `Set` and `Iterable` rather than `List[..]`
    BREAKING CHANGE: update final models to use `@property`
    wip
    Signed-off-by: Paul Horton <phorton@sonatype.com> (142b8bf)
- removed unnecessary calls to `hash()` in `__hash__()` methods as pointed out by @jkowalleck
Signed-off-by: Paul Horton <phorton@sonatype.com> (0f1fd6d)
- BREAKING CHANGE: adopted PEP-3102 for model classes (#158)
Signed-off-by: Paul Horton <phorton@sonatype.com> (b3c8d9a)
- doc: added page to docs to call out which parts of the specification this library supports
Signed-off-by: Paul Horton <phorton@sonatype.com> (41a4be0)
- attempt to resolve Lift finding
Signed-off-by: Paul Horton <phorton@sonatype.com> (2090c08)
- removed unused imports
Signed-off-by: Paul Horton <phorton@sonatype.com> (a35d540)
- WIP on `bom.services`
  - WIP but a lil hand up for @madpah
    Signed-off-by: Jeffry Hesse <5544326+DarthHater@users.noreply.github.com>
  - chore: added missing license header
    Signed-off-by: Paul Horton <phorton@sonatype.com>
  - No default values for required fields
  - Add Services to BOM
  - Typo fix
  - aligned classes with standards, commented out Signature work for now, added first tests for Services
    Signed-off-by: Paul Horton <phorton@sonatype.com>
  - addressed standards
    Signed-off-by: Paul Horton <phorton@sonatype.com>
  - 1.2.0
    Automatically generated by python-semantic-release
    Signed-off-by: Paul Horton <phorton@sonatype.com>
  - feat: `bom-ref` for Component and Vulnerability default to a UUID (#142)
  - feat: `bom-ref` for Component and Vulnerability default to a UUID if not supplied ensuring they have a unique value #141
    Signed-off-by: Paul Horton <phorton@sonatype.com>
  - doc: updated documentation to reflect change
    Signed-off-by: Paul Horton <phorton@sonatype.com>
  - patched other tests to support UUID for bom-ref
    Signed-off-by: Paul Horton <phorton@sonatype.com>
  - better syntax
    Signed-off-by: Paul Horton <phorton@sonatype.com>
  - 1.3.0
    Automatically generated by python-semantic-release
    Signed-off-by: Paul Horton <phorton@sonatype.com>
  - WIP but a lil hand up for @madpah
    Signed-off-by: Jeffry Hesse <5544326+DarthHater@users.noreply.github.com>
    Signed-off-by: Paul Horton <phorton@sonatype.com>
  - chore: added missing license header
    Signed-off-by: Paul Horton <phorton@sonatype.com>
  - aligned classes with standards, commented out Signature work for now, added first tests for Services
    Signed-off-by: Paul Horton <phorton@sonatype.com>
  - removed signature from this branch
    Signed-off-by: Paul Horton <phorton@sonatype.com>
  - Add Services to BOM
  - Typo fix
  - addressed standards
    Signed-off-by: Paul Horton <phorton@sonatype.com>
  - resolved typing issues from merge
    Signed-off-by: Paul Horton <phorton@sonatype.com>
  - added a bunch more tests for JSON output
    Signed-off-by: Paul Horton <phorton@sonatype.com>
    Co-authored-by: Paul Horton <phorton@sonatype.com>
    Co-authored-by: github-actions <action@github.com> (b45ff18)
- feat: `bom-ref` for Component and Vulnerability default to a UUID (#142)
  - feat: `bom-ref` for Component and Vulnerability default to a UUID if not supplied ensuring they have a unique value #141
    Signed-off-by: Paul Horton <phorton@sonatype.com>
  - doc: updated documentation to reflect change
    Signed-off-by: Paul Horton <phorton@sonatype.com>
  - patched other tests to support UUID for bom-ref
    Signed-off-by: Paul Horton <phorton@sonatype.com>
  - better syntax
    Signed-off-by: Paul Horton <phorton@sonatype.com> (3953bb6)
- 1.3.0
Automatically generated by python-semantic-release (4178181)
- feat: add CPE to component (#138)
  - Added CPE to component
    Setting CPE was missing for component, now it is possible to set CPE and output CPE for a component.
    Signed-off-by: Jens Lucius <jens.lucius@de.bosch.com>
  - Fixing problems with CPE addition
    - Fixed styling errors
    - Added reference to CPE Spec
    - Adding CPE parameter as last parameter to not break arguments
    Signed-off-by: Jens Lucius <jens.lucius@de.bosch.com>
  - Again fixes for Style and CPE reference
    Missing in the last commit
    Signed-off-by: Jens Lucius <jens.lucius@de.bosch.com>
  - Added CPE as argument before deprecated arguments
    Signed-off-by: Jens Lucius <jens.lucius@de.bosch.com>
  - Added testing for CPE addition and error fixing
    - Added output tests for CPE in XML and JSON
    - Fixes style error in components
    - Fixes order for CPE output in XML (CPE has to come before PURL)
    Signed-off-by: Jens Lucius <jens.lucius@de.bosch.com>
  - Fixed output tests
    CPE was still in the wrong position in one of the tests - fixed
    Signed-off-by: Jens Lucius <jens.lucius@de.bosch.com>
  - Fixed minor test fixtures issues
    - cpe was still in wrong position in 1.2 JSON
    - Indentation fixed in 1.4 JSON
    Signed-off-by: Jens Lucius <jens.lucius@de.bosch.com>
  - Fixed missing comma in JSON 1.2 test file
    Signed-off-by: Jens Lucius <jens.lucius@de.bosch.com> (269ee15)
- 1.2.0
Automatically generated by python-semantic-release (97c215c)
- fix: bump dependencies (#136)
Signed-off-by: Paul Horton <phorton@sonatype.com> (18ec498)
- 1.1.1
Automatically generated by python-semantic-release (dec63de)
- feat: add support for `bom.metadata.component` (#118)
  - Add support for metadata component
    Part of #6
    Signed-off-by: Artem Smotrakov <asmotrakov@riotgames.com>
  - Better docs and simpler ifs
    Signed-off-by: Artem Smotrakov <asmotrakov@riotgames.com> (1ac31f4)
- 1.1.0
Automatically generated by python-semantic-release (d4007bd)
- Manually generated release (3509fb6)
- Support for CycloneDX schema version 1.4 (#108)
BREAKING CHANGE: Support for CycloneDX 1.4. This includes:
  - Support for `tools` having `externalReferences`
  - Allowing `version` for a `Component` to be optional in 1.4
  - Support for `releaseNotes` per `Component`
  - Support for the core schema implementation of Vulnerabilities (VEX)
Other changes included in this PR:
  - Unit tests now include schema validation (we've left schema validation out of the core library due to dependency bloat)
  - Fixes to ensure schema is adhered to in 1.0
  - URIs are now used throughout the library through a new `XsUri` class to provide URI validation
  - Documentation is now hosted on readthedocs.org (https://cyclonedx-python-library.readthedocs.io/)
  - `$schema` is now included in JSON BOMs
  - Concrete Parsers have now been moved into downstream projects to keep this library's focus on modelling and outputting CycloneDX - see https://github.com/CycloneDX/cyclonedx-python
  - Added reference to release of this library on Anaconda
Signed-off-by: Paul Horton <phorton@sonatype.com>
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Co-authored-by: Paul Horton <phorton@sonatype.com>
Co-authored-by: Jan Kowalleck <jan.kowalleck@gmail.com> (7fb6da9)
- Merge branch 'main' of github.com:CycloneDX/cyclonedx-python-lib (d26970b)
- Update CONTRIBUTING.md (4448d9b)
- fix: removed requirements-parser as dependency (temp) as not available for Python 3 as Wheel (#98)
Signed-off-by: Paul Horton <phorton@sonatype.com> (3677d9f)
- 0.12.3
Automatically generated by python-semantic-release (cfc9d38)
- fix: tightened dependency `packageurl-python` (#95)
fixes #94
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (eb4ae5c)
- 0.12.2
Automatically generated by python-semantic-release (54b9f74)
- fix: further loosened dependency definitions
see #44
updated some locked dependencies to latest versions
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (8bef6ec)
- 0.12.1
Automatically generated by python-semantic-release (43fc36e)
- feat: loosed dependency versions to make this library more consumable
  - feat: lowering minimum dependency versions
    Signed-off-by: Paul Horton <phorton@sonatype.com>
  - feat: lowering minimum dependency versions
    Signed-off-by: Paul Horton <phorton@sonatype.com>
  - feat: lowering minimum dependency versions - importlib-metadata raising minimum to ensure we get a typed library
    Signed-off-by: Paul Horton <phorton@sonatype.com>
  - feat: lowering minimum dependency versions - importlib-metadata raising minimum to ensure we get a typed library
    Signed-off-by: Paul Horton <phorton@sonatype.com>
  - feat: lowering minimum version for importlib-metadata to 3.4.0 with modified import statement
    Signed-off-by: Paul Horton <phorton@sonatype.com> (55f10fb)
- 0.12.0
Automatically generated by python-semantic-release (1a907ea)
- Merge pull request #88 from CycloneDX/contributing-file
initial CONTRIBUTING file (20035bb)
- initial CONTRIBUTING file
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (6ffe14d)
- CHORE: poetry(deps): bump filelock from 3.3.2 to 3.4.0
poetry(deps): bump filelock from 3.3.2 to 3.4.0 (e144aa2)
- CHORE: poetry(deps): bump types-setuptools from 57.4.2 to 57.4.4
poetry(deps): bump types-setuptools from 57.4.2 to 57.4.4 (5fcdcb7)
- poetry(deps): bump filelock from 3.3.2 to 3.4.0
Bumps filelock from 3.3.2 to 3.4.0.
updated-dependencies:
  - dependency-name: filelock
    dependency-type: indirect
    update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com> (8d4520e)
- CHORE: poetry(deps-dev): bump flake8-bugbear from 21.9.2 to 21.11.29
poetry(deps-dev): bump flake8-bugbear from 21.9.2 to 21.11.29 (fc6e3ac)
- poetry(deps): bump types-setuptools from 57.4.2 to 57.4.4
Bumps types-setuptools from 57.4.2 to 57.4.4.
updated-dependencies:
  - dependency-name: types-setuptools
    dependency-type: direct:production
    update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com> (00dcbb8)
- CHORE: poetry(deps): bump importlib-metadata from 4.8.1 to 4.8.2
poetry(deps): bump importlib-metadata from 4.8.1 to 4.8.2 (28f9676)
- poetry(deps-dev): bump flake8-bugbear from 21.9.2 to 21.11.29
Bumps flake8-bugbear from 21.9.2 to 21.11.29.
updated-dependencies:
  - dependency-name: flake8-bugbear
    dependency-type: direct:development
    update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com> (1eec2e8)
- CHORE: poetry(deps-dev): bump coverage from 6.1.2 to 6.2
poetry(deps-dev): bump coverage from 6.1.2 to 6.2 (bdd9365)
- CHORE: poetry(deps): bump mako from 1.1.5 to 1.1.6
poetry(deps): bump mako from 1.1.5 to 1.1.6 (33d3ecc)
- poetry(deps-dev): bump coverage from 6.1.2 to 6.2
Bumps coverage from 6.1.2 to 6.2.
updated-dependencies:
  - dependency-name: coverage
    dependency-type: direct:development
    update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com> (be1af9b)
- DOCS: fix README shields & links (43b1121)
- doc: readme maintenance - shields & links (#72)
  - README: restructure links
    Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
  - README: add lang to fenced code blocks
    Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
  - README: fix some formatting
    Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
  - README: modernized shields
    Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
  - README: harmonize links
    Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
  - README: add language to code fences
    Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
  - README: markdown fixes
    Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
  - README: removed py version shield
    Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (3d0ea2f)
- poetry(deps): bump mako from 1.1.5 to 1.1.6
Bumps mako from 1.1.5 to 1.1.6.
updated-dependencies:
  - dependency-name: mako
    dependency-type: indirect
    update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com> (3344b86)
- Merge pull request #47 from CycloneDX/dependabot/pip/filelock-3.3.2
poetry(deps): bump filelock from 3.3.1 to 3.3.2 (3f967b3)
- FIX: update Conda package parsing to handle `build` containing underscore (#66)
  - fix: update conda package parsing to handle `build` containing underscore
    Signed-off-by: Paul Horton <phorton@sonatype.com>
  - updated some typings
    Signed-off-by: Paul Horton <phorton@sonatype.com> (2c6020a)
- poetry(deps): bump importlib-metadata from 4.8.1 to 4.8.2
Bumps importlib-metadata from 4.8.1 to 4.8.2.
updated-dependencies:
  - dependency-name: importlib-metadata
    dependency-type: direct:production
    update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com> (003f6b4)
- poetry(deps): bump filelock from 3.3.1 to 3.3.2
Bumps filelock from 3.3.1 to 3.3.2.
updated-dependencies:
  - dependency-name: filelock
    dependency-type: indirect
    update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com> (55022b7)
- Merge pull request #45 from CycloneDX/dependabot/pip/importlib-resources-5.4.0
poetry(deps): bump importlib-resources from 5.3.0 to 5.4.0 (b8acf9f)
- Merge pull request #70 from CycloneDX/dependabot/pip/pyparsing-3.0.6
poetry(deps): bump pyparsing from 3.0.5 to 3.0.6 (faa8628)
- Merge pull request #69 from CycloneDX/dependabot/pip/coverage-6.1.2
poetry(deps-dev): bump coverage from 6.1.1 to 6.1.2 (eba56dc)
- poetry(deps): bump pyparsing from 3.0.5 to 3.0.6
Bumps pyparsing from 3.0.5 to 3.0.6.
updated-dependencies:
  - dependency-name: pyparsing
    dependency-type: indirect
    update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com> (4f2b2d8)
- poetry(deps-dev): bump coverage from 6.1.1 to 6.1.2
Bumps coverage from 6.1.1 to 6.1.2.
updated-dependencies:
  - dependency-name: coverage
    dependency-type: direct:development
    update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com> (1d0f5ea)
- fix: constructor for `Vulnerability` to correctly define `ratings` as optional
Signed-off-by: William Woodruff <william@trailofbits.com> (395a0ec)
- 0.11.1
Automatically generated by python-semantic-release (a80f87a)
- FEAT: Support Python 3.10 (#64)
  - fix: tested with Python 3.10
    Signed-off-by: Paul Horton <phorton@sonatype.com>
  - added trove classifier for Python 3.10
    Signed-off-by: Paul Horton <phorton@sonatype.com>
  - fix: upgrade Poetry version to workaround issue between Poetry and Python 3.10 (see: python-poetry/poetry#4210)
    Signed-off-by: Paul Horton <phorton@sonatype.com> (385b835)
- poetry(deps): bump importlib-resources from 5.3.0 to 5.4.0
Bumps importlib-resources from 5.3.0 to 5.4.0.
updated-dependencies:
  - dependency-name: importlib-resources
    dependency-type: indirect
    update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com> (a1dd775)
- feat: Typing & PEP 561
  - added file for type checkers according to PEP 561
    Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
  - added static code analysis as a dev-test
    Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
  - added the "typed" trove
    Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
  - added `flake8-annotations` to the tests
    Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
  - added type hints
    Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
  - further typing updates
    Signed-off-by: Paul Horton <phorton@sonatype.com>
  - further typing additions and test updates
    Signed-off-by: Paul Horton <phorton@sonatype.com>
  - further typing
    Signed-off-by: Paul Horton <phorton@sonatype.com>
  - further typing - added type stubs for toml and setuptools
    Signed-off-by: Paul Horton <phorton@sonatype.com>
  - further typing
    Signed-off-by: Paul Horton <phorton@sonatype.com>
  - typing work
    Signed-off-by: Paul Horton <phorton@sonatype.com>
  - coding standards
    Signed-off-by: Paul Horton <phorton@sonatype.com>
  - fixed tox and mypy running in correct python version
    Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
  - suppressed mypy for `cyclonedx.utils.conda.parse_conda_json_to_conda_package`
    Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
  - fixed type hints
    Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
  - fixed some typing related flaws
    Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
  - added flake8-bugbear for code analysis
    Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
    Co-authored-by: Paul Horton <phorton@sonatype.com> (9144765)
- 0.11.0
Automatically generated by python-semantic-release (7262783)
- Merge pull request #41 from jkowalleck/improv-abstract
fixed some abstract definitions (f34e2c2)
- Merge pull request #42 from jkowalleck/improv-pipenv
slacked pipenv parser (08bc4ab)
- Merge pull request #43 from jkowalleck/improv-conda-typehints
fixed typehints/docs in `_BaseCondaParser` (931016d)
- Merge pull request #54 from jkowalleck/create-CODEOWNERS
created CODEOWNERS (7f28bef)
- Merge pull request #56 from CycloneDX/dependabot/pip/py-1.11.0
poetry(deps): bump py from 1.10.0 to 1.11.0 (f1cda3c)
- Merge pull request #58 from CycloneDX/dependabot/pip/pyparsing-3.0.5
poetry(deps): bump pyparsing from 2.4.7 to 3.0.5 (0525439)
- Merge pull request #19 from CycloneDX/dependabot/pip/zipp-3.6.0
poetry(deps): bump zipp from 3.5.0 to 3.6.0 (c54c968)
- poetry(deps): bump py from 1.10.0 to 1.11.0
Bumps py from 1.10.0 to 1.11.0.
updated-dependencies:
  - dependency-name: py
    dependency-type: indirect
    update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com> (330711f)
- Merge pull request #57 from CycloneDX/dependabot/pip/coverage-6.1.1
poetry(deps-dev): bump coverage from 5.5 to 6.1.1 (fa55e5c)
- poetry(deps): bump pyparsing from 2.4.7 to 3.0.5
Bumps pyparsing from 2.4.7 to 3.0.5.
updated-dependencies:
  - dependency-name: pyparsing
    dependency-type: indirect
    update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com> (3bedaff)
- Merge pull request #55 from CycloneDX/dependabot/pip/virtualenv-20.10.0
poetry(deps): bump virtualenv from 20.8.1 to 20.10.0 (4c3df85)
- CI/CT runs on main & master branch (2d0df7b)
- poetry(deps-dev): bump coverage from 5.5 to 6.1.1
Bumps coverage from 5.5 to 6.1.1.
updated-dependencies:
  - dependency-name: coverage
    dependency-type: direct:development
    update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com> (e322d74)
- poetry(deps): bump virtualenv from 20.8.1 to 20.10.0
Bumps virtualenv from 20.8.1 to 20.10.0.
updated-dependencies:
  - dependency-name: virtualenv
    dependency-type: indirect
    update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com> (3927cdc)
- created CODEOWNERS
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (e8e499c
)
- fixed typehints/docs in
_BaseCondaParser
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (af6ddfd
)
- slacked pipenv parser
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (a3572ba
)
- fixed some abstract definitions
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com> (9e67998
)
- fix: correct way to write utf-8 encoded files
Signed-off-by: Paul Horton <phorton@sonatype.com> (49f9369
)
- 0.10.2
Automatically generated by python-semantic-release (79538e9
)
- fix: ensure output to file is UTF-8
Signed-off-by: Paul Horton <phorton@sonatype.com> (a10da20
)
- fix: ensure output to file is UTF-8
Signed-off-by: Paul Horton <phorton@sonatype.com> (193bf64
)
- 0.10.1
Automatically generated by python-semantic-release (e6451a3
)
- Merge pull request #40 from CycloneDX/fix/issue-39-windows-UnicodeEncodeError
FIX: Resolve file encoding issues on Windows (48329e0
)
- remove memoryview from sha1 file hashing
Signed-off-by: Paul Horton <phorton@sonatype.com> (a56be0f
)
- added debug to CI to aid understanding of miss matching SHA1 hashes on Windows
Signed-off-by: Paul Horton <phorton@sonatype.com> (10c6b51
)
- feat: add support for Conda
Signed-off-by: Paul Horton <phorton@sonatype.com> (bd29c78
)
- 0.10.0
Automatically generated by python-semantic-release (eea3598
)
- Merge pull request #38 from CycloneDX/feat/conda-support
feat: add support for Conda (ee5d36d
)
- add support pre Python 3.8
Signed-off-by: Paul Horton <phorton@sonatype.com> (2d01116
)
- doc: updated documentation with Conda support (and missed updates for externalReferences)
Signed-off-by: Paul Horton <phorton@sonatype.com> (57e9dc7
)
- fix: missing check for Classifiers in Environment Parser
Signed-off-by: Paul Horton <phorton@sonatype.com> (b7fa38e
)
- 0.9.1
Automatically generated by python-semantic-release (f132c92
)
- Merge branch 'main' of github.com:CycloneDX/cyclonedx-python-lib (
51a1e50
)
- feat: add support for parsing package licenses when using the
Environment
Parsers
Signed-off-by: Paul Horton <phorton@sonatype.com> (c414eaf
)
- 0.9.0
Automatically generated by python-semantic-release (ad65564)
- Merge pull request #36 from CycloneDX/feat/add-license-support
Add support for parsing package licenses from installed packages (d45f75b)
- fix: coding standards violations
Signed-off-by: Paul Horton <phorton@sonatype.com> (00cd1ca)
- fix: handle `Pipfile.lock` dependencies without an `index` specified
fix: multiple fixes in variable scoping to prevent accidental data sharing
Signed-off-by: Paul Horton <phorton@sonatype.com> (26c62fb)
- 0.8.3
Automatically generated by python-semantic-release (91f9a8b)
- Merge pull request #34 from CycloneDX/fix/issue-33-pipfile-lock-parse-failure
BUG: Fix for `Pipfile.lock` parsing + accidental data sharing issues identified during testing (4079323)
- fix: add namespace and subpath support to Component to complete PackageURL Spec support
Signed-off-by: Paul Horton <phorton@sonatype.com> (780adeb)
- 0.8.2
Automatically generated by python-semantic-release (298318f)
- Merge pull request #32 from CycloneDX/feat/full-packageurl-support
Add `namespace` and `subpath` support to `Component` (bb3af91)
- fix: multiple hashes being created for an externalReference which is not as required
Signed-off-by: Paul Horton <phorton@sonatype.com> (970d192)
- 0.8.1
Automatically generated by python-semantic-release (70689a2)
- feat: add support for `externalReferences` for `Components` and associated enhancements to parsers to obtain information where possible/known
Signed-off-by: Paul Horton <phorton@sonatype.com> (a152852)
- 0.8.0
Automatically generated by python-semantic-release (7a49f9d)
- Merge pull request #29 from CycloneDX/feat/component-external-references
FEATURE: Add support for `externalReferences` against `Component`s (bdee0ea)
- doc: notable improvements to API documentation generation (added search, branding, a little styling)
Signed-off-by: Paul Horton <phorton@sonatype.com> (e7a5b5a)
- feat: support for pipenv.lock file parsing
Signed-off-by: Paul Horton <phorton@sonatype.com> (68a2dff)
- 0.7.0
Automatically generated by python-semantic-release (827bd1c)
- Merge pull request #27 from CycloneDX/feat/add-pipenv-support
FEATURE: Add `Pipfile.lock` (pipenv) support (2c42e2a)
- doc: updated README.md to include Pipfile.lock parsing
Signed-off-by: Paul Horton <phorton@sonatype.com> (2c66834)
- fix: added ability to add tools in addition to this library when generating CycloneDX, plus fixes relating to multiple BOM instances
Signed-off-by: Paul Horton <phorton@sonatype.com> (e03a25c)
- 0.6.2
Automatically generated by python-semantic-release (e68fbc2)
- Merge branch 'main' of github.com:CycloneDX/cyclonedx-python-lib (2bf2711)
- fix: better methods for checking if a Component is already represented in the BOM, and the ability to get the existing instance
Signed-off-by: Paul Horton <phorton@sonatype.com> (5fee85f)
- 0.6.1
Automatically generated by python-semantic-release (c530460)
- Merge branch 'main' of github.com:CycloneDX/cyclonedx-python-lib (eb3a46b)
- feat: helper method for representing a File as a Component taking into account versioning for files as per https://github.com/CycloneDX/cyclonedx.org/issues/34
Signed-off-by: Paul Horton <phorton@sonatype.com> (7e0fb3c)
- feat: support for non-PyPi Components - PackageURL type is now definable when creating a Component
Signed-off-by: Paul Horton <phorton@sonatype.com> (fde79e0)
- 0.6.0
Automatically generated by python-semantic-release (907cd2d)
- Merge pull request #25 from CycloneDX/feat/additions-to-enable-integration-into-checkov
Support for representing File as Component (63a86b0)
- build: updated dependencies, moved pdoc3 to a dev dependency
Signed-off-by: Paul Horton <phorton@sonatype.com> (6a9947d)
- feat: add support for tool(s) that generated the SBOM
Signed-off-by: Paul Horton <phorton@sonatype.com> (7d1e6ef)
- fix: bumped a dependency version
Signed-off-by: Paul Horton <phorton@sonatype.com> (efc1053)
- 0.5.0
Automatically generated by python-semantic-release (a655d29)
- Merge pull request #20 from CycloneDX/feat/additional-metadata
feat: add support for tool(s) that generated the SBOM (b33cbf4)
- fix for Python < 3.8 support in tests
Signed-off-by: Paul Horton <phorton@sonatype.com> (c9b6019)
- ensure support for Python < 3.8
Signed-off-by: Paul Horton <phorton@sonatype.com> (53a82cf)
- ensure support for Python < 3.8
Signed-off-by: Paul Horton <phorton@sonatype.com> (2a9e56a)
- doc: added documentation
Signed-off-by: Paul Horton <phorton@sonatype.com> (cf13c68)
- poetry(deps): bump zipp from 3.5.0 to 3.6.0
Bumps zipp from 3.5.0 to 3.6.0.
updated-dependencies:
- dependency-name: zipp dependency-type: indirect update-type: version-update:semver-minor ...
Signed-off-by: dependabot[bot] <support@github.com> (30f2547)
- doc: bumped gh-action for publishing docs
Signed-off-by: Paul Horton <phorton@sonatype.com> (ac70eee)
- doc: added documentation to model/bom
Signed-off-by: Paul Horton <phorton@sonatype.com> (fe98ada)
- doc: formatting
Signed-off-by: Paul Horton <phorton@sonatype.com> (1ad7fb1)
- doc: added missing docstrings to allow documentation to generate
Signed-off-by: Paul Horton <phorton@sonatype.com> (ed743d9)
- Merge pull request #10 from coderpatros/docs
Add initial doc generation and publishing (7873ad9)
- build: dependencies updated
Signed-off-by: Paul Horton <phorton@sonatype.com> (0411826)
- fix: improved handling for `requirements.txt` content without pinned or declared versions
Signed-off-by: Paul Horton <phorton@sonatype.com> (7f318cb)
- 0.4.1
Automatically generated by python-semantic-release (d5b7a2f)
- Merge pull request #15 from CycloneDX/fix/issue-14-requirements-unpinned-versions
fix: improved handling for requirements.txt content without pinned … (f248015)
- Add initial doc generation and publishing
Signed-off-by: Patrick Dwyer <patrick.dwyer@owasp.org> (cd1b558)
- feat: support for localising vectors (i.e. stripping out any scheme prefix)
Signed-off-by: Paul Horton <phorton@sonatype.com> (b9e9e17)
- feat: helper methods for deriving Severity and SourceType
Signed-off-by: Paul Horton <phorton@sonatype.com> (6a86ec2)
- fix: removed print call
Signed-off-by: Paul Horton <phorton@sonatype.com> (8806553)
- fix: relaxed typing of parameter to be compatible with Python < 3.9
Signed-off-by: Paul Horton <phorton@sonatype.com> (f9c7990)
- fix: removed print call
Signed-off-by: Paul Horton <phorton@sonatype.com> (d272d2e)
- fix: remove unused commented out code
Signed-off-by: Paul Horton <phorton@sonatype.com> (ba4f285)
- 0.4.0
Automatically generated by python-semantic-release (f441413)
- feat: adding support for extension schema that describes vulnerability disclosures
Signed-off-by: Paul Horton <phorton@sonatype.com> (d496695)
- 0.3.0
Automatically generated by python-semantic-release (a5c3dab)
- Merge pull request #5 from CycloneDX/feat/support-schema-extension-vulnerability-1.0
FEATURE: add support for Vulnerability Disclosures (6914272)
- doc: updated README to explain support for Vulnerability Disclosures
Signed-off-by: Paul Horton <phorton@sonatype.com> (f477bf0)
- feat: added helper method to return a PackageURL object representing a Component
Signed-off-by: Paul Horton <phorton@sonatype.com> (367bef1)
- fix: whitespace on empty line removed
Signed-off-by: Paul Horton <phorton@sonatype.com> (cfc952e)
- 0.2.0
Automatically generated by python-semantic-release (866eda7)
- Merge pull request #4 from CycloneDX/feat/component-as-packageurl
fix: whitespace on empty line removed (ddc37f3)
- Merge branch 'main' of github.com:CycloneDX/cyclonedx-python-lib (6142d2e)
- feat: add poetry support
Signed-off-by: Paul Horton <phorton@sonatype.com> (f3ac42f)
- 0.1.0
Automatically generated by python-semantic-release (0da668f)
- Merge pull request #3 from CycloneDX/feat/poetry-lock-support
FEATURE: Add poetry.lock parser support (37ba7c6)
- feat(parser): added support for parsing dependencies from poetry.lock files.
Signed-off-by: Paul Horton <phorton@sonatype.com> (15bc553)
- fix(parser): parsers were able to share state unexpectedly
Signed-off-by: Paul Horton <phorton@sonatype.com> (dc59914)
- fix(test): test was not updated for revised author statement
Signed-off-by: Paul Horton <phorton@sonatype.com> (d1c9d37)
- fix(build): test failure and dependency missing
Fixed failing tests due to dependency on the now-removed VERSION file. Added flake8 officially as a DEV dependency to poetry.
Signed-off-by: Paul Horton <phorton@sonatype.com> (9a2cfe9)
- fix(build): removed artefacts associated with non-poetry build
Tidied up project to remove items associated with non-Poetry build process. Also aligned a few references in README to new home of this project under CycloneDX.
Signed-off-by: Paul Horton <phorton@sonatype.com> (f9119d4)
- 0.0.11
Automatically generated by python-semantic-release (1c0aa71)
- Merge pull request #2 from CycloneDX/fix/tidy-up-build-remove-pip
fix(build): removed artefacts associated with non-poetry build (b7de7b3)
- fix: add in pypi badge (6098c36)
- 0.0.10
Automatically generated by python-semantic-release (245d809)
- fix: additional info to poetry, remove circleci (2fcfa5a)
- 0.0.9
Automatically generated by python-semantic-release (e4a90cf)
- Merge branch 'main' of github.com:CycloneDX/cyclonedx-python-lib into main (69aaba5)
- fix: initial release to pypi, tell poetry to include cyclonedx package (a030177)
- 0.0.8
Automatically generated by python-semantic-release (fc3f24c)
- Merge branch 'main' of github.com:CycloneDX/cyclonedx-python-lib into main (da2d18c)
- fix: release with full name (4c620ed)
- 0.0.7
Automatically generated by python-semantic-release (19943e8)
- fix: initial release to pypi (99687db)
- 0.0.6
Automatically generated by python-semantic-release (98ad249)
- Switch to using action (cce468a)
- 0.0.5
Automatically generated by python-semantic-release (9bf4b9a)
- Merge branch 'main' of github.com:CycloneDX/cyclonedx-python-lib into main (eeec0bb)
- Try this on for size (aa93310)
- 0.0.4
Automatically generated by python-semantic-release (b16d6c5)
- Use python3 to install (4c810e1)
- 0.0.3
Automatically generated by python-semantic-release (05306ee)
- Merge branch 'main' of github.com:CycloneDX/cyclonedx-python-lib into main (f1d120c)
- Bump up version of poetry (89db268)
- 0.0.2
Automatically generated by python-semantic-release (e15dec6)
- Remove check for push (71b1270)
- Manual deploy workflow (9b4ac33)
- License headers, OWASP etc... (559b8d2)
- Fixed unit tests pinned to a VERSION. (5d907d5)
- Bump to version 0.0.2 (1050839)
- Implemented writing SBOM to a file. (74f4153)
- Updated badge in README to include Python 3.6+ support. (0a5903c)
- Removed print() statement accidentally left in. (22965a7)
- Merge pull request #1 from sonatype-nexus-community/features/initial-port-of-v1.1-generation-from-jake
Initial port of library code to new library (2f2634b)
- Added license headers to all source files. Added classifiers for Python version to setup.py. (bb6bb24)
- Renamed model file to not reference CycloneDX as the models are agnostic on purpose. (03d03ed)
- Forgot to add updated poetry.lock file reflecting Python 3.6+ support (5d3d491)
- Updated project to state support from Python v3.6+ (619ee1d)
- Adding Python 3.6 support for test & CI. (daa12ba)
- Fixing CircleCI config. (a446f4c)
- Fixes to GitHub actions. (d2aa277)
- Disabled Py3.6 checks and added flake8. (8c01da3)
- Attempt to fix CI's for multiple Python environments. (affb6b2)
- Added support for Python versions 3.7+ (ae24ba9)
- Added missing ENV var for GH actions. (c750ec6)
- Missed wrapping a coverage command with poetry. (3c74c82)
- Added poetry virtualenv caching + wrapped tox and coverage with poetry to ensure they run in the poetry venv. (780e3df)
- Fixed typo in Github action. (3953675)
- Correction: Supported Python version in setup.py (2f4917b)
- Updated poetry dependencies and configuration. (75041e5)
- Initial draft GitHub actions being added. (e2403e8)
- Added Poetry support. (e9a67f8)
- Addressing issues reported by flake8. (3ad394c)
- Refactored output classes to use multiple inheritance allowing a single place to define which schema version support various attributes and elements. (95c5b38)
- Updated README to reflect support for author. (bff5954)
- Skeleton support for 'author' + v1.1 and v1.0 for JSON added (along with tests). (e987f35)
- Corrected typo in README (0d2c355)
- Updated README to include a summary of the support this library provides across the different schema versions. (34f421f)
- Initial support for V1.0 and V1.1 in XML output format. (37f6b00)
- Added 'serialNumber' to SBOMs (JSON and XML). (50e3c75)
- Added a bunch more content to the README to explain how the library can be used. (bb41dc6)
- Added metadata initial support to JSON output format. (8c5590f)
- Addition of simple 'metadata' element for XML SBOMs. (f9e9773)
- Added initial JSON outputter and associated tests. (3e1f5ec)
- Fix to generate HTML coverage reports and stash in CircleCI builds. (dd88603)
- Added HTML coverage report. (ce700e5)
- Missed coverage as a dependency for testing. (01643d6)
- Added coverage reporting for tests (c34b1a6)
- Added first tests for XML SBOM generation (v1.3 and v1.2). (cb4337a)
- WIP: Starting to generate XML output for BOMs (35bdfca)
- Updated CircleCI config to run tox. Fixed formatting in tests. (9a56230)
- Rebasing from main. (822ab8b)
- Initial skeleton tests for output generation. (a614f3e)
- pretty badge (60e975c)
- initial CI for discussion (7e88cd5)
- Added a little more information to the README. (460c624)
- Fixed issue reported by Flake8. Ensuring tests run on PY 3.9. (cce130f)
- Basic structure without any output generation available (very basic Component definition). (6ac5dc2)
- Added tox config with flake8 and py3.9 support. (1def201)
- Initially added skeleton packaging structure and official CycloneDX schemas. (ac519c9)
- Added initial blank README prior to branching for initial work. (b175f6a)
- Added initial blank README prior to branching for initial work. (e8b5d48)
- Initial commit (62353b0)