feat: metadata.tools support components&services #561

Open
maitrey opened this issue Mar 1, 2024 · 2 comments
Labels
enhancement New feature or request help wanted Extra attention is needed schema 1.5

Comments

maitrey commented Mar 1, 2024

Hi!

Version cyclonedx-python-lib:6.4.1
Platform: Windows
Python Version: 3.12
Input(s):

  1. My goal is to achieve the xml output in the format:
<?xml version="1.0" ?>
<bom xmlns="http://cyclonedx.org/schema/bom/1.5" serialNumber="urn:uuid:dcfe183f-da82-43c3-93f4-8dcdb80a6796" version="1">
  <metadata>
    <timestamp>2024-02-29T15:03:19.775602+00:00</timestamp>
    <tools>
      <components>
        <component type="application" bom-ref="None">
          <supplier>
            <name>Test Company</name>
          </supplier>
          <name>testtool</name>
          <version>1.0.0</version>
        </component>
      </components>
    </tools>

For which the code written is:

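from cyclonedx.model import OrganizationalEntity
from cyclonedx.model.bom import Bom
from cyclonedx.model.component import Component, ComponentType

bom = Bom()

# The tool that should appear under metadata.tools.components
testcomp = Component(
    name='testtool',
    type=ComponentType.APPLICATION,
    version='1.0.0',
    supplier=OrganizationalEntity(name='Test Company'),
)
# Wrapper component carrying the tool as a nested component
toollist = Component(name="Test", components=[testcomp])
bom.metadata.tools.add(toollist)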

Expected Output(s):

<?xml version="1.0" ?>
<bom xmlns="http://cyclonedx.org/schema/bom/1.5" serialNumber="urn:uuid:dcfe183f-da82-43c3-93f4-8dcdb80a6796" version="1">
  <metadata>
    <timestamp>2024-02-29T15:03:19.775602+00:00</timestamp>
    <tools>
      <components>
        <component type="application" bom-ref="None">
          <supplier>
            <name>Test Company</name>
          </supplier>
          <name>testtool</name>
          <version>1.0.0</version>
        </component>
      </components>
    </tools>

Actual Output(s):

<?xml version="1.0" ?>
<bom xmlns="http://cyclonedx.org/schema/bom/1.5" serialNumber="urn:uuid:dcfe183f-da82-43c3-93f4-8dcdb80a6796" version="1">
  <metadata>
    <timestamp>2024-02-29T15:03:19.775602+00:00</timestamp>
    <tools>
      <tool type="library" bom-ref="None">
        <name>Test</name>
        <components>
          <component type="application" bom-ref="None">
            <supplier>
              <name>Test Company</name>
            </supplier>
            <name>testtool</name>
            <version>1.0.0</version>
          </component>
        </components>
      </tool>
    </tools>

So far it looks to me the tool class does not support adding components.
https://cyclonedx.org/docs/1.5/json/#metadata_tools_oneOf_i0_components
https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/cyclonedx/model/__init__.py#L1231
Rather, it supports the older formats: https://cyclonedx.org/docs/1.5/json/#tab-pane_metadata_tools_oneOf_i1
My code fails at the XMLValidation step as the Tool Class expects the legacy format tags.
Could you please check this issue and get back? Many Thanks!

@maitrey maitrey changed the title sbom:1.5 and sbom:1.5 and cyclonedx-python-lib:6.4.1 (Tool Class) Mar 1, 2024
@jkowalleck
Member

Current state of this library does not support Components nor Services in $.metadata.tools.

This library is a community effort.
Feel free to donate the missing feature. Please follow our guidelines: https://github.com/CycloneDX/cyclonedx-python-lib/blob/main/CONTRIBUTING.md

@jkowalleck
Member

related: #597
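
An added example, not part of the issue thread or of cyclonedx-python-lib: a standard-library check that reports which of the two `metadata.tools` shapes linked in the issue a CycloneDX 1.5 XML BOM uses, and flags `components`/`services` nested inside a legacy `<tool>`, as in the reported actual output. The function name, shape labels and sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"c": "http://cyclonedx.org/schema/bom/1.5"}  # namespace quoted in the issue

def _bom(tools_body: str) -> str:
    """Wrap a constructed <tools> body in a minimal 1.5 BOM (sample data only)."""
    return (f'<bom xmlns="{NS["c"]}" version="1"><metadata><tools>'
            f"{tools_body}</tools></metadata></bom>")

_COMPONENT = ('<components><component type="application"><name>testtool</name>'
              "<version>1.0.0</version></component></components>")
# Constructed samples modelled on the expected and actual outputs in the issue.
EXPECTED = _bom(_COMPONENT)
ACTUAL = _bom(f'<tool type="library"><name>Test</name>{_COMPONENT}</tool>')
LEGACY = _bom("<tool><vendor>Test Company</vendor><name>testtool</name></tool>")

def _local(tag: str) -> str:
    return tag.rsplit("}", 1)[-1]  # strip the "{namespace}" prefix

def classify_tools(xml_text: str):
    """Return (shape, problems) for $.metadata.tools of a 1.5 XML BOM.

    Assumes trusted input; parse untrusted BOMs with a hardened XML parser.
    """
    tools = ET.fromstring(xml_text).find("c:metadata/c:tools", NS)
    if tools is None:
        return "absent", []
    kinds = {_local(child.tag) for child in tools}
    # Legacy <tool> entries that carry the newer container elements
    problems = [
        f"<{_local(nested.tag)}> nested inside legacy <tool>"
        for tool in tools.findall("c:tool", NS)
        for nested in tool
        if _local(nested.tag) in ("components", "services")
    ]
    if not kinds:
        shape = "empty"
    elif kinds <= {"components", "services"}:
        shape = "components-services"
    elif kinds == {"tool"}:
        shape = "legacy"
    else:
        shape = "mixed"  # the two alternatives are not meant to be combined
    return shape, problems

if __name__ == "__main__":
    for label, doc in (("expected", EXPECTED), ("actual", ACTUAL), ("legacy", LEGACY)):
        print(label, classify_tools(doc))
```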
