cyclonedx.model.component_evidence
==================================

.. py:module:: cyclonedx.model.component_evidence


Classes
-------

.. autoapisummary::

   cyclonedx.model.component_evidence.IdentityField
   cyclonedx.model.component_evidence.AnalysisTechnique
   cyclonedx.model.component_evidence.Method
   cyclonedx.model.component_evidence.Identity
   cyclonedx.model.component_evidence.Occurrence
   cyclonedx.model.component_evidence.CallStackFrame
   cyclonedx.model.component_evidence.CallStack
   cyclonedx.model.component_evidence.ComponentEvidence


Module Contents
---------------

.. py:class:: IdentityField

   Bases: :py:obj:`str`, :py:obj:`enum.Enum`

   Enum object that defines the permissible field types for Identity.

   .. note::
      See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.7/json/#components_items_evidence_identity

   .. py:attribute:: GROUP
      :value: 'group'

   .. py:attribute:: NAME
      :value: 'name'

   .. py:attribute:: VERSION
      :value: 'version'

   .. py:attribute:: PURL
      :value: 'purl'

   .. py:attribute:: CPE
      :value: 'cpe'

   .. py:attribute:: OMNIBOR_ID
      :value: 'omniborId'

   .. py:attribute:: SWHID
      :value: 'swhid'

   .. py:attribute:: SWID
      :value: 'swid'

   .. py:attribute:: HASH
      :value: 'hash'


.. py:class:: AnalysisTechnique

   Bases: :py:obj:`str`, :py:obj:`enum.Enum`

   Enum object that defines the permissible analysis techniques.

   .. py:attribute:: SOURCE_CODE_ANALYSIS
      :value: 'source-code-analysis'

   .. py:attribute:: BINARY_ANALYSIS
      :value: 'binary-analysis'

   .. py:attribute:: MANIFEST_ANALYSIS
      :value: 'manifest-analysis'

   .. py:attribute:: AST_FINGERPRINT
      :value: 'ast-fingerprint'

   .. py:attribute:: HASH_COMPARISON
      :value: 'hash-comparison'

   .. py:attribute:: INSTRUMENTATION
      :value: 'instrumentation'

   .. py:attribute:: DYNAMIC_ANALYSIS
      :value: 'dynamic-analysis'

   .. py:attribute:: FILENAME
      :value: 'filename'

   .. py:attribute:: ATTESTATION
      :value: 'attestation'

   .. py:attribute:: OTHER
      :value: 'other'


.. py:class:: Method(*, technique: AnalysisTechnique, confidence: decimal.Decimal, value: Optional[str] = None)

   Represents a method used to extract and/or analyze evidence.

   .. note::
      See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.7/json/#components_items_evidence_identity_oneOf_i0_items_methods

   .. py:property:: technique
      :type: AnalysisTechnique

   .. py:property:: confidence
      :type: decimal.Decimal

      The confidence of the evidence from 0 - 1, where 1 is 100% confidence.
      Confidence is specific to the technique used. Each technique of analysis can have independent confidence.

   .. py:property:: value
      :type: Optional[str]


.. py:class:: Identity(*, field: IdentityField, confidence: Optional[decimal.Decimal] = None, concluded_value: Optional[str] = None, methods: Optional[collections.abc.Iterable[Method]] = None, tools: Optional[collections.abc.Iterable[cyclonedx.model.bom_ref.BomRef]] = None)

   Our internal representation of the `identityType` complex type.

   .. note::
      See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.7/json/#components_items_evidence_identity

   .. py:property:: field
      :type: IdentityField

   .. py:property:: confidence
      :type: Optional[decimal.Decimal]

      The overall confidence of the evidence from 0 - 1, where 1 is 100% confidence.

   .. py:property:: concluded_value
      :type: Optional[str]

   .. py:property:: methods
      :type: SortedSet[Method]

   .. py:property:: tools
      :type: SortedSet[BomRef]

      References to the tools used to perform analysis and collect evidence.


.. py:class:: Occurrence(*, bom_ref: Optional[Union[str, cyclonedx.model.bom_ref.BomRef]] = None, location: str, line: Optional[int] = None, offset: Optional[int] = None, symbol: Optional[str] = None, additional_context: Optional[str] = None)

   Our internal representation of the `occurrenceType` complex type.

   .. note::
      See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.7/json/#components_items_evidence_occurrences

   .. py:property:: location
      :type: str

      Location can be a file path, URL, or a unique identifier from a component discovery tool

   .. py:property:: line
      :type: Optional[int]

      The line number in the file where the dependency or reference was detected.

   .. py:property:: offset
      :type: Optional[int]

      The offset location within the file where the dependency or reference was detected.

   .. py:property:: symbol
      :type: Optional[str]

      Programming language symbol or import name.

   .. py:property:: additional_context
      :type: Optional[str]

      Additional context about the occurrence of the component.

   .. py:property:: bom_ref
      :type: cyclonedx.model.bom_ref.BomRef

      An optional identifier which can be used to reference the requirement elsewhere in the BOM. Every bom-ref MUST be
      unique within the BOM.

      Returns:
          `BomRef`


.. py:class:: CallStackFrame(*, module: str, package: Optional[str] = None, function: Optional[str] = None, parameters: Optional[collections.abc.Iterable[str]] = None, line: Optional[int] = None, column: Optional[int] = None, full_filename: Optional[str] = None)

   Represents an individual frame in a call stack.

   .. note::
      See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.7/json/#components_items_evidence_callstack

   .. py:property:: package
      :type: Optional[str]

      The package name.

   .. py:property:: module
      :type: str

      The module name

   .. py:property:: function
      :type: Optional[str]

      The function name.

   .. py:property:: parameters
      :type: SortedSet[str]

      Function parameters

   .. py:property:: line
      :type: Optional[int]

      The line number

   .. py:property:: column
      :type: Optional[int]

      The column number

   .. py:property:: full_filename
      :type: Optional[str]

      The full file path


.. py:class:: CallStack(*, frames: Optional[collections.abc.Iterable[CallStackFrame]] = None)

   Our internal representation of the `callStackType` complex type.
   Contains an array of stack frames describing a call stack from when a component was identified.

   .. note::
      See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.7/json/#components_items_evidence_callstack

   .. py:property:: frames
      :type: List[CallStackFrame]

      Array of stack frames


.. py:class:: ComponentEvidence(*, identity: Optional[Union[collections.abc.Iterable[Identity], Identity]] = None, occurrences: Optional[collections.abc.Iterable[Occurrence]] = None, callstack: Optional[CallStack] = None, licenses: Optional[collections.abc.Iterable[cyclonedx.model.license.License]] = None, copyright: Optional[collections.abc.Iterable[cyclonedx.model.Copyright]] = None)

   Our internal representation of the `componentEvidenceType` complex type.

   Provides the ability to document evidence collected through various forms of extraction or analysis.

   .. note::
      See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.7/xml/#type_componentEvidenceType

   .. py:property:: identity
      :type: SortedSet[Identity]

      Provides a way to identify components via various methods.
      Returns SortedSet of identities.

   .. py:property:: occurrences
      :type: SortedSet[Occurrence]

      A list of locations where evidence was obtained from.

   .. py:property:: callstack
      :type: Optional[CallStack]

      A representation of a call stack from when the component was identified.

   .. py:property:: licenses
      :type: cyclonedx.model.license.LicenseRepository

      Optional list of licenses obtained during analysis.

      Returns:
          Set of `LicenseChoice`

   .. py:property:: copyright
      :type: SortedSet[Copyright]

      Optional list of copyright statements.

      Returns:
          Set of `Copyright`
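
A consumer-side check on the data this module models, as an added example that is not part of cyclonedx-python-lib: it walks one component in CycloneDX JSON form (plain dicts, so ``evidence``, ``identity``, ``concludedValue`` and ``methods`` are the schema's JSON key names) and reports confidences outside 0 - 1, enum values not listed on this page, and concluded values that disagree with what the component declares. ``audit_evidence``, ``out_of_range``, ``MIN_CONFIDENCE`` and the sample component are assumptions made for the illustration.

```python
from decimal import Decimal

# Enum values as listed for IdentityField and AnalysisTechnique on this page.
FIELDS = {"group", "name", "version", "purl", "cpe", "omniborId", "swhid", "swid", "hash"}
TECHNIQUES = {"source-code-analysis", "binary-analysis", "manifest-analysis",
              "ast-fingerprint", "hash-comparison", "instrumentation",
              "dynamic-analysis", "filename", "attestation", "other"}
DECLARED = ("group", "name", "version", "purl", "cpe")  # fields also set on the component
MIN_CONFIDENCE = Decimal("0.5")  # assumed policy threshold, not from the schema

def out_of_range(value):
    """True when a confidence is present but outside the documented 0 - 1 range."""
    return value is not None and not 0 <= Decimal(str(value)) <= 1

def audit_evidence(component):
    """Return findings for one component dict in CycloneDX JSON form."""
    findings = []
    identities = component.get("evidence", {}).get("identity", [])
    if isinstance(identities, dict):  # a single identity object is also allowed
        identities = [identities]
    for ident in identities:
        field, conf = ident.get("field"), ident.get("confidence")
        if field not in FIELDS:
            findings.append(f"unknown identity field {field!r}")
        if out_of_range(conf):
            findings.append(f"{field}: confidence {conf} outside 0-1")
        elif conf is not None and Decimal(str(conf)) < MIN_CONFIDENCE:
            findings.append(f"{field}: low overall confidence {conf}")
        for method in ident.get("methods", []):
            technique, m_conf = method.get("technique"), method.get("confidence")
            if technique not in TECHNIQUES:
                findings.append(f"{field}: unknown technique {technique!r}")
            if out_of_range(m_conf):
                findings.append(f"{field}: method confidence {m_conf} outside 0-1")
        declared = component.get(field) if field in DECLARED else None
        concluded = ident.get("concludedValue")
        if declared and concluded and declared != concluded:
            findings.append(f"{field}: declared {declared!r} != concluded {concluded!r}")
    return findings

# Constructed sample component, not taken from a real SBOM.
SAMPLE = {
    "name": "examplelib", "version": "1.2.3", "purl": "pkg:pypi/examplelib@1.2.3",
    "evidence": {"identity": [
        {"field": "purl", "confidence": 0.9, "concludedValue": "pkg:pypi/examplelib@1.2.4",
         "methods": [{"technique": "hash-comparison", "confidence": 1.0}]},
        {"field": "version", "confidence": 0.3,
         "methods": [{"technique": "filename", "confidence": 1.7}]},
    ]}}
```

Running ``audit_evidence(SAMPLE)`` reports the purl mismatch, the low overall confidence on ``version``, and the out-of-range method confidence.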