cyclonedx-python-lib
Python implementation of OWASP CycloneDX
see also: https://peps.python.org/pep-0387/ goal: improve backwards compatibility, while improving Developer experience. ## solution - [x] move deprecated property warnings to setters - via #838 - [x] annotate deprecated symbols -...
there may be use-cases where people want to re-distribute this library with all its dependencies. some (optional/transitive) dependencies might be licensed under GPL, which prevents an assembled re-distribution. see -...
**Library Version:** `7.6.1` **Description:** **Steps to Reproduce:** 1. Use the example JSON provided in the [CycloneDX bom-examples repository](https://github.com/CycloneDX/bom-examples/blob/c0436d86cd60693f01d19fe1aacfd01e70e17036/CBOM/Example-With-Dependencies/bom.json). 2. Run the following script: ```python import json from cyclonedx.model.bom import Bom...
github action `python-semantic-release/upload-to-gh-release` states: > Warning: This action has been DEPRECATED. Please use the 'python-semantic-release/publish-action' instead. goal: replace this action with the non-deprecated one
Create documentation to guide users on validating SBOMs. The CycloneDX Python library can validate an SBOM based on the schema, independent of the library's support for SBOM serialization, which is...
part of https://github.com/CycloneDX/cyclonedx-python-lib/issues/903
see https://github.com/CycloneDX/specification/releases/tag/1.7 The following items are not currently supported for CycloneDX v1.7 (as of release 11.4.x): - [ ] external components - [ ] multiple SPDX License Expressions alongside with...
Bumps [python-semantic-release/python-semantic-release](https://github.com/python-semantic-release/python-semantic-release) from 10.0.2 to 10.4.1. Release notes Sourced from python-semantic-release/python-semantic-release's releases. v10.4.1 (2025-09-13) This release is published under the MIT License. 🪲 Bug Fixes cmd-version: Fix error where --no-tag...
since v11, after switching to the non-GPL JSON validators, the performance of validation of large files is utterly slow. this is due to the slow performance of the used lib...
> [!NOTE] > This is a draft, an idea. > > The philosophy/contract of this library, in its early days, was to auto-populate all bom-refs, > so the JSON/XML result...