hoppr-cyclonedx-models 0.5.4__tar.gz → 0.6.1__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of hoppr-cyclonedx-models might be problematic. Click here for more details.
- {hoppr_cyclonedx_models-0.5.4 → hoppr_cyclonedx_models-0.6.1}/PKG-INFO +7 -4
- {hoppr_cyclonedx_models-0.5.4 → hoppr_cyclonedx_models-0.6.1}/hoppr_cyclonedx_models/__init__.py +1 -1
- {hoppr_cyclonedx_models-0.5.4 → hoppr_cyclonedx_models-0.6.1}/hoppr_cyclonedx_models/cyclonedx_1_3.py +59 -13
- {hoppr_cyclonedx_models-0.5.4 → hoppr_cyclonedx_models-0.6.1}/hoppr_cyclonedx_models/cyclonedx_1_4.py +127 -58
- {hoppr_cyclonedx_models-0.5.4 → hoppr_cyclonedx_models-0.6.1}/hoppr_cyclonedx_models/cyclonedx_1_5.py +1134 -359
- hoppr_cyclonedx_models-0.6.1/hoppr_cyclonedx_models/cyclonedx_1_6.py +7049 -0
- {hoppr_cyclonedx_models-0.5.4 → hoppr_cyclonedx_models-0.6.1}/hoppr_cyclonedx_models/spdx.py +119 -3
- {hoppr_cyclonedx_models-0.5.4 → hoppr_cyclonedx_models-0.6.1}/pyproject.toml +18 -13
- {hoppr_cyclonedx_models-0.5.4 → hoppr_cyclonedx_models-0.6.1}/LICENSE +0 -0
- {hoppr_cyclonedx_models-0.5.4 → hoppr_cyclonedx_models-0.6.1}/README.md +0 -0
- {hoppr_cyclonedx_models-0.5.4 → hoppr_cyclonedx_models-0.6.1}/hoppr_cyclonedx_models/base.py +0 -0
- {hoppr_cyclonedx_models-0.5.4 → hoppr_cyclonedx_models-0.6.1}/hoppr_cyclonedx_models/py.typed +0 -0
|
@@ -1,13 +1,13 @@
|
|
|
1
|
-
Metadata-Version: 2.
|
|
1
|
+
Metadata-Version: 2.4
|
|
2
2
|
Name: hoppr-cyclonedx-models
|
|
3
|
-
Version: 0.
|
|
3
|
+
Version: 0.6.1
|
|
4
4
|
Summary: CycloneDX Pydantic models for easy use in your Python project.
|
|
5
|
-
Home-page: https://gitlab.com/hoppr/hoppr-cyclonedx-models
|
|
6
5
|
License: MIT
|
|
6
|
+
License-File: LICENSE
|
|
7
7
|
Keywords: pydantic,models,cyclonedx,software bill of materials
|
|
8
8
|
Author: LMCO Open Source
|
|
9
9
|
Author-email: open.source@lmco.com
|
|
10
|
-
Requires-Python: >=3.
|
|
10
|
+
Requires-Python: >=3.8.0,<4.0.0
|
|
11
11
|
Classifier: Development Status :: 2 - Pre-Alpha
|
|
12
12
|
Classifier: Framework :: Pydantic
|
|
13
13
|
Classifier: Framework :: Pytest
|
|
@@ -19,9 +19,12 @@ Classifier: Programming Language :: Python :: 3.9
|
|
|
19
19
|
Classifier: Programming Language :: Python :: 3.10
|
|
20
20
|
Classifier: Programming Language :: Python :: 3.11
|
|
21
21
|
Classifier: Programming Language :: Python :: 3.12
|
|
22
|
+
Classifier: Programming Language :: Python :: 3.13
|
|
23
|
+
Classifier: Programming Language :: Python :: 3.14
|
|
22
24
|
Classifier: Topic :: Software Development :: Code Generators
|
|
23
25
|
Classifier: Typing :: Typed
|
|
24
26
|
Requires-Dist: pydantic[email] (>=1.10.2,<2.0.0)
|
|
27
|
+
Requires-Dist: typing-extensions (>=4.7.1,<5.0.0)
|
|
25
28
|
Project-URL: Repository, https://gitlab.com/hoppr/hoppr-cyclonedx-models
|
|
26
29
|
Description-Content-Type: text/markdown
|
|
27
30
|
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
"""
|
|
2
2
|
--------------------------------------------------------------------------------
|
|
3
|
-
SPDX-FileCopyrightText: Copyright ©
|
|
3
|
+
SPDX-FileCopyrightText: Copyright © 2025 Lockheed Martin <open.source@lmco.com>
|
|
4
4
|
SPDX-FileName: hoppr_cyclonedx_models/cyclonedx_1_3.py
|
|
5
5
|
SPDX-FileType: SOURCE
|
|
6
6
|
SPDX-License-Identifier: MIT
|
|
@@ -25,15 +25,15 @@ THE SOFTWARE.
|
|
|
25
25
|
--------------------------------------------------------------------------------
|
|
26
26
|
This file was generated by datamodel-codegen:
|
|
27
27
|
filename: bom-1.3.schema.json
|
|
28
|
-
timestamp:
|
|
29
|
-
version: 0.
|
|
28
|
+
timestamp: 2025-09-17T19:02:47+00:00
|
|
29
|
+
version: 0.25.7
|
|
30
30
|
"""
|
|
31
31
|
|
|
32
32
|
from __future__ import annotations
|
|
33
33
|
|
|
34
34
|
from datetime import datetime
|
|
35
35
|
from enum import Enum
|
|
36
|
-
from typing import List, Optional
|
|
36
|
+
from typing import List, Optional, Union
|
|
37
37
|
|
|
38
38
|
from pydantic import EmailStr, Field
|
|
39
39
|
from typing_extensions import Annotated, Literal
|
|
@@ -390,19 +390,48 @@ class Hash(CycloneDXBaseModel):
|
|
|
390
390
|
]
|
|
391
391
|
|
|
392
392
|
|
|
393
|
-
class
|
|
393
|
+
class License1(CycloneDXBaseModel):
|
|
394
|
+
id: Annotated[
|
|
395
|
+
spdx.LicenseID, Field(description="A valid SPDX license ID", examples=["Apache-2.0"], title="License ID (SPDX)")
|
|
396
|
+
]
|
|
397
|
+
name: Annotated[
|
|
398
|
+
Optional[str],
|
|
399
|
+
Field(
|
|
400
|
+
description="If SPDX does not define the license used, this field may be used to provide the license name",
|
|
401
|
+
examples=["Acme Software License"],
|
|
402
|
+
title="License Name",
|
|
403
|
+
),
|
|
404
|
+
] = None
|
|
405
|
+
text: Annotated[
|
|
406
|
+
Optional[Attachment],
|
|
407
|
+
Field(description="An optional way to include the textual content of a license.", title="License text"),
|
|
408
|
+
] = None
|
|
409
|
+
url: Annotated[
|
|
410
|
+
Optional[str],
|
|
411
|
+
Field(
|
|
412
|
+
description=(
|
|
413
|
+
"The URL to the license file. If specified, a 'license' externalReference should also be specified for"
|
|
414
|
+
" completeness"
|
|
415
|
+
),
|
|
416
|
+
examples=["https://www.apache.org/licenses/LICENSE-2.0.txt"],
|
|
417
|
+
title="License URL",
|
|
418
|
+
),
|
|
419
|
+
] = None
|
|
420
|
+
|
|
421
|
+
|
|
422
|
+
class License2(CycloneDXBaseModel):
|
|
394
423
|
id: Annotated[
|
|
395
424
|
Optional[spdx.LicenseID],
|
|
396
425
|
Field(description="A valid SPDX license ID", examples=["Apache-2.0"], title="License ID (SPDX)"),
|
|
397
426
|
] = None
|
|
398
427
|
name: Annotated[
|
|
399
|
-
|
|
428
|
+
str,
|
|
400
429
|
Field(
|
|
401
430
|
description="If SPDX does not define the license used, this field may be used to provide the license name",
|
|
402
431
|
examples=["Acme Software License"],
|
|
403
432
|
title="License Name",
|
|
404
433
|
),
|
|
405
|
-
]
|
|
434
|
+
]
|
|
406
435
|
text: Annotated[
|
|
407
436
|
Optional[Attachment],
|
|
408
437
|
Field(description="An optional way to include the textual content of a license.", title="License text"),
|
|
@@ -420,8 +449,8 @@ class License(CycloneDXBaseModel):
|
|
|
420
449
|
] = None
|
|
421
450
|
|
|
422
451
|
|
|
423
|
-
class
|
|
424
|
-
license:
|
|
452
|
+
class LicenseChoice1(CycloneDXBaseModel):
|
|
453
|
+
license: Annotated[Union[License1, License2], Field(title="License Object")]
|
|
425
454
|
expression: Annotated[
|
|
426
455
|
Optional[str],
|
|
427
456
|
Field(
|
|
@@ -431,6 +460,17 @@ class LicenseChoice(CycloneDXBaseModel):
|
|
|
431
460
|
] = None
|
|
432
461
|
|
|
433
462
|
|
|
463
|
+
class LicenseChoice2(CycloneDXBaseModel):
|
|
464
|
+
license: Annotated[Optional[Union[License1, License2]], Field(title="License Object")] = None
|
|
465
|
+
expression: Annotated[
|
|
466
|
+
str,
|
|
467
|
+
Field(
|
|
468
|
+
examples=["Apache-2.0 AND (MIT OR GPL-2.0-only)", "GPL-3.0-only WITH Classpath-exception-2.0"],
|
|
469
|
+
title="SPDX License Expression",
|
|
470
|
+
),
|
|
471
|
+
]
|
|
472
|
+
|
|
473
|
+
|
|
434
474
|
class Commit(CycloneDXBaseModel):
|
|
435
475
|
"""
|
|
436
476
|
Specifies an individual commit
|
|
@@ -527,7 +567,9 @@ class ComponentEvidence(CycloneDXBaseModel):
|
|
|
527
567
|
Provides the ability to document evidence collected through various forms of extraction or analysis.
|
|
528
568
|
"""
|
|
529
569
|
|
|
530
|
-
licenses: Annotated[
|
|
570
|
+
licenses: Annotated[
|
|
571
|
+
Optional[List[Union[LicenseChoice1, LicenseChoice2]]], Field(title="Component License(s)")
|
|
572
|
+
] = None
|
|
531
573
|
copyright: Annotated[Optional[List[Copyright]], Field(title="Copyright")] = None
|
|
532
574
|
|
|
533
575
|
|
|
@@ -662,7 +704,9 @@ class Service(CycloneDXBaseModel):
|
|
|
662
704
|
Optional[List[DataClassification]],
|
|
663
705
|
Field(description="Specifies the data classification.", title="Data Classification"),
|
|
664
706
|
] = None
|
|
665
|
-
licenses: Annotated[
|
|
707
|
+
licenses: Annotated[
|
|
708
|
+
Optional[List[Union[LicenseChoice1, LicenseChoice2]]], Field(title="Component License(s)")
|
|
709
|
+
] = None
|
|
666
710
|
externalReferences: Annotated[Optional[List[ExternalReference]], Field(title="External References")] = None
|
|
667
711
|
services: Annotated[Optional[List[Service]], Field(title="Services")] = None
|
|
668
712
|
properties: Annotated[
|
|
@@ -807,7 +851,7 @@ class Metadata(CycloneDXBaseModel):
|
|
|
807
851
|
title="Supplier",
|
|
808
852
|
),
|
|
809
853
|
] = None
|
|
810
|
-
licenses: Annotated[Optional[List[
|
|
854
|
+
licenses: Annotated[Optional[List[Union[LicenseChoice1, LicenseChoice2]]], Field(title="BOM License(s)")] = None
|
|
811
855
|
properties: Annotated[
|
|
812
856
|
Optional[List[Property]],
|
|
813
857
|
Field(
|
|
@@ -1001,7 +1045,9 @@ class Component(CycloneDXBaseModel):
|
|
|
1001
1045
|
),
|
|
1002
1046
|
] = Scope.required
|
|
1003
1047
|
hashes: Annotated[Optional[List[Hash]], Field(title="Component Hashes")] = None
|
|
1004
|
-
licenses: Annotated[
|
|
1048
|
+
licenses: Annotated[
|
|
1049
|
+
Optional[List[Union[LicenseChoice1, LicenseChoice2]]], Field(title="Component License(s)")
|
|
1050
|
+
] = None
|
|
1005
1051
|
copyright: Annotated[
|
|
1006
1052
|
Optional[str],
|
|
1007
1053
|
Field(
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
"""
|
|
2
2
|
--------------------------------------------------------------------------------
|
|
3
|
-
SPDX-FileCopyrightText: Copyright ©
|
|
3
|
+
SPDX-FileCopyrightText: Copyright © 2025 Lockheed Martin <open.source@lmco.com>
|
|
4
4
|
SPDX-FileName: hoppr_cyclonedx_models/cyclonedx_1_4.py
|
|
5
5
|
SPDX-FileType: SOURCE
|
|
6
6
|
SPDX-License-Identifier: MIT
|
|
@@ -25,8 +25,8 @@ THE SOFTWARE.
|
|
|
25
25
|
--------------------------------------------------------------------------------
|
|
26
26
|
This file was generated by datamodel-codegen:
|
|
27
27
|
filename: bom-1.4.schema.json
|
|
28
|
-
timestamp:
|
|
29
|
-
version: 0.
|
|
28
|
+
timestamp: 2025-09-17T19:02:47+00:00
|
|
29
|
+
version: 0.25.7
|
|
30
30
|
"""
|
|
31
31
|
|
|
32
32
|
from __future__ import annotations
|
|
@@ -504,19 +504,6 @@ class Advisory(CycloneDXBaseModel):
|
|
|
504
504
|
url: Annotated[str, Field(description="Location where the advisory can be obtained.", title="URL")]
|
|
505
505
|
|
|
506
506
|
|
|
507
|
-
Cwe = Annotated[
|
|
508
|
-
int,
|
|
509
|
-
Field(
|
|
510
|
-
description=(
|
|
511
|
-
"Integer representation of a Common Weaknesses Enumerations (CWE). For example 399 (of"
|
|
512
|
-
" https://cwe.mitre.org/data/definitions/399.html)"
|
|
513
|
-
),
|
|
514
|
-
ge=1,
|
|
515
|
-
title="CWE",
|
|
516
|
-
),
|
|
517
|
-
]
|
|
518
|
-
|
|
519
|
-
|
|
520
507
|
class Severity(Enum):
|
|
521
508
|
"""
|
|
522
509
|
Textual representation of the severity of the vulnerability adopted by the analysis method. If the analysis method uses values other than what is provided, the user is expected to translate appropriately.
|
|
@@ -712,18 +699,6 @@ class Analysis(CycloneDXBaseModel):
|
|
|
712
699
|
] = None
|
|
713
700
|
|
|
714
701
|
|
|
715
|
-
class Affect(CycloneDXBaseModel):
|
|
716
|
-
class Config:
|
|
717
|
-
extra = Extra.forbid
|
|
718
|
-
|
|
719
|
-
ref: Annotated[
|
|
720
|
-
str, Field(description="References a component or service by the objects bom-ref", title="Reference")
|
|
721
|
-
]
|
|
722
|
-
versions: Annotated[
|
|
723
|
-
Optional[List], Field(description="Zero or more individual versions or range of versions.", title="Versions")
|
|
724
|
-
] = None
|
|
725
|
-
|
|
726
|
-
|
|
727
702
|
class AffectedStatus(Enum):
|
|
728
703
|
"""
|
|
729
704
|
The vulnerability status of a given version or range of versions of a product. The statuses 'affected' and 'unaffected' indicate that the version is affected or unaffected by the vulnerability. The status 'unknown' indicates that it is unknown or unspecified whether the given version is affected. There can be many reasons for an 'unknown' status, including that an investigation has not been undertaken or that a vendor has not disclosed the status.
|
|
@@ -741,25 +716,7 @@ class AffectedStatus(Enum):
|
|
|
741
716
|
return next((member for member in cls if member.name in {str(value), str(value).upper()}), None)
|
|
742
717
|
|
|
743
718
|
|
|
744
|
-
|
|
745
|
-
str, Field(description="A single version of a component or service.", max_length=1024, min_length=1)
|
|
746
|
-
]
|
|
747
|
-
|
|
748
|
-
|
|
749
|
-
Range = Annotated[
|
|
750
|
-
str,
|
|
751
|
-
Field(
|
|
752
|
-
description=(
|
|
753
|
-
"A version range specified in Package URL Version Range syntax (vers) which is defined at"
|
|
754
|
-
" https://github.com/package-url/purl-spec/VERSION-RANGE-SPEC.rst"
|
|
755
|
-
),
|
|
756
|
-
max_length=1024,
|
|
757
|
-
min_length=1,
|
|
758
|
-
),
|
|
759
|
-
]
|
|
760
|
-
|
|
761
|
-
|
|
762
|
-
class AlgorithmEnum(Enum):
|
|
719
|
+
class Algorithm(Enum):
|
|
763
720
|
"""
|
|
764
721
|
Signature algorithm. The currently recognized JWA [RFC7518] and RFC8037 [RFC8037] asymmetric key algorithms. Note: Unlike RFC8037 [RFC8037] JSF requires explicit Ed* algorithm names instead of "EdDSA".
|
|
765
722
|
"""
|
|
@@ -877,7 +834,39 @@ class Hash(CycloneDXBaseModel):
|
|
|
877
834
|
]
|
|
878
835
|
|
|
879
836
|
|
|
880
|
-
class
|
|
837
|
+
class License1(CycloneDXBaseModel):
|
|
838
|
+
class Config:
|
|
839
|
+
extra = Extra.forbid
|
|
840
|
+
|
|
841
|
+
id: Annotated[
|
|
842
|
+
spdx.LicenseID, Field(description="A valid SPDX license ID", examples=["Apache-2.0"], title="License ID (SPDX)")
|
|
843
|
+
]
|
|
844
|
+
name: Annotated[
|
|
845
|
+
Optional[str],
|
|
846
|
+
Field(
|
|
847
|
+
description="If SPDX does not define the license used, this field may be used to provide the license name",
|
|
848
|
+
examples=["Acme Software License"],
|
|
849
|
+
title="License Name",
|
|
850
|
+
),
|
|
851
|
+
] = None
|
|
852
|
+
text: Annotated[
|
|
853
|
+
Optional[Attachment],
|
|
854
|
+
Field(description="An optional way to include the textual content of a license.", title="License text"),
|
|
855
|
+
] = None
|
|
856
|
+
url: Annotated[
|
|
857
|
+
Optional[str],
|
|
858
|
+
Field(
|
|
859
|
+
description=(
|
|
860
|
+
"The URL to the license file. If specified, a 'license' externalReference should also be specified for"
|
|
861
|
+
" completeness"
|
|
862
|
+
),
|
|
863
|
+
examples=["https://www.apache.org/licenses/LICENSE-2.0.txt"],
|
|
864
|
+
title="License URL",
|
|
865
|
+
),
|
|
866
|
+
] = None
|
|
867
|
+
|
|
868
|
+
|
|
869
|
+
class License2(CycloneDXBaseModel):
|
|
881
870
|
class Config:
|
|
882
871
|
extra = Extra.forbid
|
|
883
872
|
|
|
@@ -886,13 +875,13 @@ class License(CycloneDXBaseModel):
|
|
|
886
875
|
Field(description="A valid SPDX license ID", examples=["Apache-2.0"], title="License ID (SPDX)"),
|
|
887
876
|
] = None
|
|
888
877
|
name: Annotated[
|
|
889
|
-
|
|
878
|
+
str,
|
|
890
879
|
Field(
|
|
891
880
|
description="If SPDX does not define the license used, this field may be used to provide the license name",
|
|
892
881
|
examples=["Acme Software License"],
|
|
893
882
|
title="License Name",
|
|
894
883
|
),
|
|
895
|
-
]
|
|
884
|
+
]
|
|
896
885
|
text: Annotated[
|
|
897
886
|
Optional[Attachment],
|
|
898
887
|
Field(description="An optional way to include the textual content of a license.", title="License text"),
|
|
@@ -910,11 +899,11 @@ class License(CycloneDXBaseModel):
|
|
|
910
899
|
] = None
|
|
911
900
|
|
|
912
901
|
|
|
913
|
-
class
|
|
902
|
+
class LicenseChoice1(CycloneDXBaseModel):
|
|
914
903
|
class Config:
|
|
915
904
|
extra = Extra.forbid
|
|
916
905
|
|
|
917
|
-
license:
|
|
906
|
+
license: Annotated[Union[License1, License2], Field(title="License Object")]
|
|
918
907
|
expression: Annotated[
|
|
919
908
|
Optional[str],
|
|
920
909
|
Field(
|
|
@@ -924,6 +913,20 @@ class LicenseChoice(CycloneDXBaseModel):
|
|
|
924
913
|
] = None
|
|
925
914
|
|
|
926
915
|
|
|
916
|
+
class LicenseChoice2(CycloneDXBaseModel):
|
|
917
|
+
class Config:
|
|
918
|
+
extra = Extra.forbid
|
|
919
|
+
|
|
920
|
+
license: Annotated[Optional[Union[License1, License2]], Field(title="License Object")] = None
|
|
921
|
+
expression: Annotated[
|
|
922
|
+
str,
|
|
923
|
+
Field(
|
|
924
|
+
examples=["Apache-2.0 AND (MIT OR GPL-2.0-only)", "GPL-3.0-only WITH Classpath-exception-2.0"],
|
|
925
|
+
title="SPDX License Expression",
|
|
926
|
+
),
|
|
927
|
+
]
|
|
928
|
+
|
|
929
|
+
|
|
927
930
|
class Commit(CycloneDXBaseModel):
|
|
928
931
|
"""
|
|
929
932
|
Specifies an individual commit
|
|
@@ -1066,7 +1069,9 @@ class ComponentEvidence(CycloneDXBaseModel):
|
|
|
1066
1069
|
class Config:
|
|
1067
1070
|
extra = Extra.forbid
|
|
1068
1071
|
|
|
1069
|
-
licenses: Annotated[
|
|
1072
|
+
licenses: Annotated[
|
|
1073
|
+
Optional[List[Union[LicenseChoice1, LicenseChoice2]]], Field(title="Component License(s)")
|
|
1074
|
+
] = None
|
|
1070
1075
|
copyright: Annotated[Optional[List[Copyright]], Field(title="Copyright")] = None
|
|
1071
1076
|
|
|
1072
1077
|
|
|
@@ -1125,11 +1130,70 @@ class Credits(CycloneDXBaseModel):
|
|
|
1125
1130
|
] = None
|
|
1126
1131
|
|
|
1127
1132
|
|
|
1133
|
+
class Versions(CycloneDXBaseModel):
|
|
1134
|
+
class Config:
|
|
1135
|
+
extra = Extra.forbid
|
|
1136
|
+
|
|
1137
|
+
version: Annotated[
|
|
1138
|
+
str, Field(description="A single version of a component or service.", max_length=1024, min_length=1)
|
|
1139
|
+
]
|
|
1140
|
+
range: Annotated[
|
|
1141
|
+
Optional[str],
|
|
1142
|
+
Field(
|
|
1143
|
+
description=(
|
|
1144
|
+
"A version range specified in Package URL Version Range syntax (vers) which is defined at"
|
|
1145
|
+
" https://github.com/package-url/purl-spec/VERSION-RANGE-SPEC.rst"
|
|
1146
|
+
),
|
|
1147
|
+
max_length=1024,
|
|
1148
|
+
min_length=1,
|
|
1149
|
+
),
|
|
1150
|
+
] = None
|
|
1151
|
+
status: Annotated[
|
|
1152
|
+
Optional[AffectedStatus], Field(description="The vulnerability status for the version or range of versions.")
|
|
1153
|
+
] = AffectedStatus.affected
|
|
1154
|
+
|
|
1155
|
+
|
|
1156
|
+
class Versions1(CycloneDXBaseModel):
|
|
1157
|
+
class Config:
|
|
1158
|
+
extra = Extra.forbid
|
|
1159
|
+
|
|
1160
|
+
version: Annotated[
|
|
1161
|
+
Optional[str], Field(description="A single version of a component or service.", max_length=1024, min_length=1)
|
|
1162
|
+
] = None
|
|
1163
|
+
range: Annotated[
|
|
1164
|
+
str,
|
|
1165
|
+
Field(
|
|
1166
|
+
description=(
|
|
1167
|
+
"A version range specified in Package URL Version Range syntax (vers) which is defined at"
|
|
1168
|
+
" https://github.com/package-url/purl-spec/VERSION-RANGE-SPEC.rst"
|
|
1169
|
+
),
|
|
1170
|
+
max_length=1024,
|
|
1171
|
+
min_length=1,
|
|
1172
|
+
),
|
|
1173
|
+
]
|
|
1174
|
+
status: Annotated[
|
|
1175
|
+
Optional[AffectedStatus], Field(description="The vulnerability status for the version or range of versions.")
|
|
1176
|
+
] = AffectedStatus.affected
|
|
1177
|
+
|
|
1178
|
+
|
|
1179
|
+
class Affect(CycloneDXBaseModel):
|
|
1180
|
+
class Config:
|
|
1181
|
+
extra = Extra.forbid
|
|
1182
|
+
|
|
1183
|
+
ref: Annotated[
|
|
1184
|
+
str, Field(description="References a component or service by the objects bom-ref", title="Reference")
|
|
1185
|
+
]
|
|
1186
|
+
versions: Annotated[
|
|
1187
|
+
Optional[List[Union[Versions, Versions1]]],
|
|
1188
|
+
Field(description="Zero or more individual versions or range of versions.", title="Versions"),
|
|
1189
|
+
] = None
|
|
1190
|
+
|
|
1191
|
+
|
|
1128
1192
|
class Signer(CycloneDXBaseModel):
|
|
1129
1193
|
class Config:
|
|
1130
1194
|
extra = Extra.forbid
|
|
1131
1195
|
|
|
1132
|
-
algorithm: Union[
|
|
1196
|
+
algorithm: Union[Algorithm, AnyUrl]
|
|
1133
1197
|
keyId: Annotated[
|
|
1134
1198
|
Optional[str],
|
|
1135
1199
|
Field(description="Optional. Application specific string identifying the signature key.", title="Key ID"),
|
|
@@ -1245,13 +1309,14 @@ class Vulnerability(CycloneDXBaseModel):
|
|
|
1245
1309
|
Optional[List[Rating]], Field(description="List of vulnerability ratings", title="Ratings")
|
|
1246
1310
|
] = None
|
|
1247
1311
|
cwes: Annotated[
|
|
1248
|
-
Optional[List[
|
|
1312
|
+
Optional[List[int]],
|
|
1249
1313
|
Field(
|
|
1250
1314
|
description=(
|
|
1251
1315
|
"List of Common Weaknesses Enumerations (CWEs) codes that describes this vulnerability. For example 399"
|
|
1252
1316
|
" (of https://cwe.mitre.org/data/definitions/399.html)"
|
|
1253
1317
|
),
|
|
1254
1318
|
examples=[399],
|
|
1319
|
+
ge=1,
|
|
1255
1320
|
title="CWEs",
|
|
1256
1321
|
),
|
|
1257
1322
|
] = None
|
|
@@ -1440,7 +1505,9 @@ class Service(CycloneDXBaseModel):
|
|
|
1440
1505
|
Optional[List[DataClassification]],
|
|
1441
1506
|
Field(description="Specifies the data classification.", title="Data Classification"),
|
|
1442
1507
|
] = None
|
|
1443
|
-
licenses: Annotated[
|
|
1508
|
+
licenses: Annotated[
|
|
1509
|
+
Optional[List[Union[LicenseChoice1, LicenseChoice2]]], Field(title="Component License(s)")
|
|
1510
|
+
] = None
|
|
1444
1511
|
externalReferences: Annotated[
|
|
1445
1512
|
Optional[List[ExternalReference]],
|
|
1446
1513
|
Field(
|
|
@@ -1691,7 +1758,7 @@ class Metadata(CycloneDXBaseModel):
|
|
|
1691
1758
|
title="Supplier",
|
|
1692
1759
|
),
|
|
1693
1760
|
] = None
|
|
1694
|
-
licenses: Annotated[Optional[List[
|
|
1761
|
+
licenses: Annotated[Optional[List[Union[LicenseChoice1, LicenseChoice2]]], Field(title="BOM License(s)")] = None
|
|
1695
1762
|
properties: Annotated[
|
|
1696
1763
|
Optional[List[Property]],
|
|
1697
1764
|
Field(
|
|
@@ -1919,7 +1986,9 @@ class Component(CycloneDXBaseModel):
|
|
|
1919
1986
|
),
|
|
1920
1987
|
] = Scope.required
|
|
1921
1988
|
hashes: Annotated[Optional[List[Hash]], Field(title="Component Hashes")] = None
|
|
1922
|
-
licenses: Annotated[
|
|
1989
|
+
licenses: Annotated[
|
|
1990
|
+
Optional[List[Union[LicenseChoice1, LicenseChoice2]]], Field(title="Component License(s)")
|
|
1991
|
+
] = None
|
|
1923
1992
|
copyright: Annotated[
|
|
1924
1993
|
Optional[str],
|
|
1925
1994
|
Field(
|