otupy.profiles.xbom.data.xbom.CyclonedxXbom

class CyclonedxXbom(format: XbomFormat | None = None, bom: Bom = None)

Bases: Xbom

CycloneDX implementation of XBOM

eXtended Bill of Materials using CycloneDX format. This is the concrete implementation that uses the CycloneDX library.

Methods

`add`	Add item to the BOM
`add_dependency`	Add a dependency relationship
`add_dependency_with_external_ref`	Add both an external reference and a dependency to another XBOM
`add_external_reference`	Add an external reference to a specific component or service in this XBOM
`add_link`	Add a link to an item in the BOM by bom_ref
`deserialize`	Deserialize data into the XBOM
`find_ref_by_name`	Find the bom_ref of a component or service by name
`fromdict`	Create Xbom from dictionary
`get_bom_link`	Generate a CycloneDX bom-link URI for an element in this BOM
`get_bom_serial_number`	Get or create the BOM's serial number (UUID)
`get_bom_version`	Get the BOM's version number
`merge`	Merge another XBOM into this one
`serialize`	Serialize the XBOM to a dictionary
`todict`	Convert XBOM to dictionary for serialization

Attributes

`bom`	CycloneDX Bill of Materials
`format`	Format of the XBOM

__init__(format: XbomFormat | None = None, bom: Bom = None)

add(item: Component | Service | Dependency | Any) → None

Add item to the BOM

Parameters:: item – Item to add (Component, Service, or object with as_cyclonedx() method)
Returns:: None

add_dependency(parent_ref: str, child_ref: str) → None

Add a dependency relationship

Creates a dependency where child_ref depends on parent_ref.

Parameters:

parent_ref – The bom_ref of the item that is depended upon
child_ref – The bom_ref of the dependent item

Returns:

None

add_dependency_with_external_ref(depends_on_xbom: Xbom, from_ref: str, comment: str | None = None) → None

Add both an external reference and a dependency to another XBOM

This is a convenience method that adds the dependency XBOM as an external reference and creates a dependency relationship.

The external reference uses the CycloneDX bom-link format: urn:cdx:{serial-number}/{version}#{bom-ref} See: https://cyclonedx.org/capabilities/bomlink/

Parameters:

depends_on_xbom – The XBOM that this XBOM depends on
from_ref – The bom_ref of the item in this BOM that depends on the other
comment – Optional comment describing the dependency

Returns:

None

add_external_reference(target_ref: str, url: str, ref_type: ExternalReferenceType = ExternalReferenceType.BOM, comment: str | None = None) → None

Add an external reference to a specific component or service in this XBOM

External references are used to link to other BOMs that contain related components.

Parameters:

target_ref – The bom_ref of the component/service to add the reference to
url – URL or URI of the external reference
ref_type – Type of external reference (default: BOM)
comment – Optional comment describing the external reference

Returns:

None

add_link(item_ref: str, link: any) → None

Add a link to an item in the BOM by bom_ref

This is a convenience method that finds the bom_ref of the item by name and adds it as a property.

Parameters:: item_name – The name of the item to link to
Returns:: None

bom: Bom = None: CycloneDX Bill of Materials

deserialize(data: dict | str) → None

Deserialize data into the XBOM

Parameters:: data – Data to deserialize
Returns:: None

find_ref_by_name(name: str) → str | None

Find the bom_ref of a component or service by name

Parameters:: name – The name to search for
Returns:: The bom_ref string if found, None otherwise

format: XbomFormat = None: Format of the XBOM

classmethod fromdict(dic, e): Create Xbom from dictionary

get_bom_link(element_bom_ref: str) → str

Generate a CycloneDX bom-link URI for an element in this BOM

Bom-link format: urn:cdx:{serial-number}/{version}#{bom-ref} See: https://cyclonedx.org/capabilities/bomlink/

Parameters:: element_bom_ref – The bom-ref of the element.
Returns:: A properly formatted bom-link URI

get_bom_serial_number() → str

Get or create the BOM’s serial number (UUID)

CycloneDX BOMs have a serial number that uniquely identifies the BOM. If not set, a new UUID will be generated and assigned.

Returns:: The serial number as a UUID string (without ‘urn:uuid:’ prefix)

get_bom_version() → int

Get the BOM’s version number

Returns:: The version number (defaults to 1 if not set)

merge(other: Xbom) → None

Merge another XBOM into this one

Parameters:: other – Other XBOM to merge
Returns:: None

serialize() → dict

Serialize the XBOM to a dictionary

Returns:: Serialized XBOM as a dictionary

todict(e): Convert XBOM to dictionary for serialization