cyclonedx.model.license
=======================

.. py:module:: cyclonedx.model.license

.. autoapi-nested-parse::

   License related things


Attributes
----------

.. autoapisummary::

   cyclonedx.model.license.LicenseExpressionAcknowledgement
   cyclonedx.model.license.License


Classes
-------

.. autoapisummary::

   cyclonedx.model.license.LicenseAcknowledgement
   cyclonedx.model.license.DisjunctiveLicense
   cyclonedx.model.license.LicenseExpression
   cyclonedx.model.license.LicenseRepository


Module Contents
---------------

.. py:class:: LicenseAcknowledgement

   Bases: :py:obj:`str`, :py:obj:`enum.Enum`

   This is our internal representation of the `type_licenseAcknowledgementEnumerationType` ENUM type
   within the CycloneDX standard.

   .. note::
      Introduced in CycloneDX v1.6

   .. note::
      See the CycloneDX Schema for licenseAcknowledgementEnumerationType:
      https://cyclonedx.org/docs/1.7/xml/#type_licenseAcknowledgementEnumerationType


   .. py:attribute:: CONCLUDED
      :value: 'concluded'


   .. py:attribute:: DECLARED
      :value: 'declared'


.. py:data:: LicenseExpressionAcknowledgement

   Deprecated - Alias for :class:`LicenseAcknowledgement`

   .. deprecated:: next
      Import `LicenseAcknowledgement` instead.
      The exported original symbol itself is NOT deprecated - only this import path.


.. py:class:: DisjunctiveLicense(*, bom_ref: Optional[Union[str, cyclonedx.model.bom_ref.BomRef]] = None, id: Optional[str] = None, name: Optional[str] = None, text: Optional[cyclonedx.model.AttachedText] = None, url: Optional[cyclonedx.model.XsUri] = None, acknowledgement: Optional[LicenseAcknowledgement] = None)

   This is our internal representation of `licenseType` complex type that can be used in multiple places within
   a CycloneDX BOM document.

   .. note::
      See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.7/xml/#type_licenseType


   .. py:property:: bom_ref
      :type: cyclonedx.model.bom_ref.BomRef

      An optional identifier which can be used to reference the component elsewhere in the BOM. Every bom-ref MUST be
      unique within the BOM.

      Returns:
          `BomRef`


   .. py:property:: id
      :type: Optional[str]

      An SPDX license ID.

      .. note::
         See the list of expected values:
         https://cyclonedx.org/docs/1.7/json/#components_items_licenses_items_license_id

      Returns:
          `str` or `None`


   .. py:property:: name
      :type: Optional[str]

      If SPDX does not define the license used, this field may be used to provide the license name.

      Returns:
          `str` or `None`


   .. py:property:: text
      :type: Optional[cyclonedx.model.AttachedText]

      Specifies the optional full text of the attachment.

      Returns:
          `AttachedText` else `None`


   .. py:property:: url
      :type: Optional[cyclonedx.model.XsUri]

      The URL to the attachment file. If the attachment is a license or BOM, an externalReference should also be
      specified for completeness.

      Returns:
          `XsUri` or `None`


   .. py:property:: acknowledgement
      :type: Optional[LicenseAcknowledgement]

      Declared licenses and concluded licenses represent two different stages in the licensing process within
      software development.

      Declared licenses refer to the initial intention of the software authors regarding the licensing terms under
      which their code is released. On the other hand, concluded licenses are the result of a comprehensive analysis
      of the project's codebase to identify and confirm the actual licenses of the components used, which may differ
      from the initially declared licenses. While declared licenses provide an upfront indication of the licensing
      intentions, concluded licenses offer a more thorough understanding of the actual licensing within a project,
      facilitating proper compliance and risk management. Observed licenses are defined in evidence.licenses.
      Observed licenses form the evidence necessary to substantiate a concluded license.

      Returns:
          `LicenseAcknowledgement` or `None`


.. py:class:: LicenseExpression(value: str, *, bom_ref: Optional[Union[str, cyclonedx.model.bom_ref.BomRef]] = None, acknowledgement: Optional[LicenseAcknowledgement] = None)

   This is our internal representation of `licenseType`'s expression type that can be used in multiple places within
   a CycloneDX BOM document.

   .. note::
      See the CycloneDX Schema definition:
      https://cyclonedx.org/docs/1.7/json/#components_items_licenses_items_expression


   .. py:property:: bom_ref
      :type: cyclonedx.model.bom_ref.BomRef

      An optional identifier which can be used to reference the component elsewhere in the BOM. Every bom-ref MUST be
      unique within the BOM.

      Returns:
          `BomRef`


   .. py:property:: value
      :type: str

      Value of this LicenseExpression.

      Returns:
          `str`


   .. py:property:: acknowledgement
      :type: Optional[LicenseAcknowledgement]

      Declared licenses and concluded licenses represent two different stages in the licensing process within
      software development.

      Declared licenses refer to the initial intention of the software authors regarding the licensing terms under
      which their code is released. On the other hand, concluded licenses are the result of a comprehensive analysis
      of the project's codebase to identify and confirm the actual licenses of the components used, which may differ
      from the initially declared licenses. While declared licenses provide an upfront indication of the licensing
      intentions, concluded licenses offer a more thorough understanding of the actual licensing within a project,
      facilitating proper compliance and risk management. Observed licenses are defined in evidence.licenses.
      Observed licenses form the evidence necessary to substantiate a concluded license.

      Returns:
          `LicenseAcknowledgement` or `None`


.. py:data:: License

   TypeAlias for a union of supported license models.

   - :class:`LicenseExpression`
   - :class:`DisjunctiveLicense`


.. py:class:: LicenseRepository

   Bases: :py:obj:`sortedcontainers.SortedSet`\ [\ :py:obj:`License`\ ]

   Collection of :class:`License`.

   This is a `set`, not a `list`. Order MUST NOT matter here.
   If you wanted a certain order, then you should also express whether the items are concatenated by `AND` or `OR`.
   If you wanted to do so, you should use :class:`LicenseExpression`.

   As a model, this MUST accept multiple :class:`LicenseExpression` along with
   multiple :class:`DisjunctiveLicense`, as this was accepted in CycloneDX JSON before v1.5.
   So for modeling purposes, this is supported.
   Denormalizers/deserializers will be thankful.
   The normalization/serialization process SHOULD take care of these facts and do what is needed.
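
An added example (not part of the cyclonedx-python-lib documentation or code) that applies the set semantics and the declared/concluded distinction described above to raw CycloneDX JSON, using only the standard library. The sample BOM, the helper names ``license_set`` and ``audit``, and the issue labels are assumptions made for illustration; it also assumes ``acknowledgement`` sits beside ``expression`` and inside ``license`` in the JSON.

```python
import json

# Constructed sample: three components from a CycloneDX JSON BOM (not real data).
SAMPLE_BOM = json.loads("""
{"components": [
  {"name": "lib-a", "licenses": [
    {"license": {"id": "MIT", "acknowledgement": "declared"}},
    {"license": {"id": "MIT", "acknowledgement": "declared"}}]},
  {"name": "lib-b", "licenses": [
    {"expression": "Apache-2.0 OR MIT", "acknowledgement": "concluded"}]},
  {"name": "lib-c", "licenses": [
    {"expression": "GPL-2.0-only"},
    {"license": {"name": "Custom EULA"}}]}
]}
""")


def license_set(entries):
    """Collapse a `licenses` array into a set of (kind, value, acknowledgement)."""
    items = set()
    for entry in entries:
        if "expression" in entry:
            items.add(("expression", entry["expression"], entry.get("acknowledgement")))
        else:
            lic = entry["license"]
            # `id` is an SPDX ID; `name` is the fallback when SPDX defines none.
            items.add(("license", lic.get("id") or lic.get("name"), lic.get("acknowledgement")))
    return items


def audit(bom):
    """Return {component name: [issue, ...]} for license data needing review."""
    report = {}
    for comp in bom.get("components", []):
        items = license_set(comp.get("licenses", []))
        issues = []
        # An expression beside any other entry leaves AND/OR between them unstated.
        if len(items) > 1 and any(kind == "expression" for kind, _, _ in items):
            issues.append("expression-mixed-with-other-entries")
        # Only a concluded license reflects an analysis of the codebase.
        if not any(ack == "concluded" for _, _, ack in items):
            issues.append("no-concluded-license")
        report[comp["name"]] = issues
    return report


if __name__ == "__main__":
    for name, issues in audit(SAMPLE_BOM).items():
        print(name, issues or "ok")
```
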