cyclonedx.model.component_evidence
Classes
- IdentityField: Enum object that defines the permissible field types for Identity.
- AnalysisTechnique: Enum object that defines the permissible analysis techniques.
- Method: Represents a method used to extract and/or analyze evidence.
- Identity: Our internal representation of the identityType complex type.
- Occurrence: Our internal representation of the occurrenceType complex type.
- CallStackFrame: Represents an individual frame in a call stack.
- CallStack: Our internal representation of the callStackType complex type.
- ComponentEvidence: Our internal representation of the componentEvidenceType complex type.
Module Contents
- class cyclonedx.model.component_evidence.IdentityField
Bases: str, enum.Enum
Enum object that defines the permissible field types for Identity.
Note
See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.7/json/#components_items_evidence_identity
- GROUP = 'group'
- NAME = 'name'
- VERSION = 'version'
- PURL = 'purl'
- CPE = 'cpe'
- OMNIBOR_ID = 'omniborId'
- SWHID = 'swhid'
- SWID = 'swid'
- HASH = 'hash'
- class cyclonedx.model.component_evidence.AnalysisTechnique
Bases: str, enum.Enum
Enum object that defines the permissible analysis techniques.
- SOURCE_CODE_ANALYSIS = 'source-code-analysis'
- BINARY_ANALYSIS = 'binary-analysis'
- MANIFEST_ANALYSIS = 'manifest-analysis'
- AST_FINGERPRINT = 'ast-fingerprint'
- HASH_COMPARISON = 'hash-comparison'
- INSTRUMENTATION = 'instrumentation'
- DYNAMIC_ANALYSIS = 'dynamic-analysis'
- FILENAME = 'filename'
- ATTESTATION = 'attestation'
- OTHER = 'other'
- class cyclonedx.model.component_evidence.Method(*, technique: AnalysisTechnique, confidence: decimal.Decimal, value: str | None = None)
Represents a method used to extract and/or analyze evidence.
Note
See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.7/json/#components_items_evidence_identity_oneOf_i0_items_methods
- property technique: AnalysisTechnique
- property confidence: decimal.Decimal
The confidence of the evidence from 0 - 1, where 1 is 100% confidence. Confidence is specific to the technique used. Each technique of analysis can have independent confidence.
- property value: str | None
- class cyclonedx.model.component_evidence.Identity(*, field: IdentityField, confidence: decimal.Decimal | None = None, concluded_value: str | None = None, methods: collections.abc.Iterable[Method] | None = None, tools: collections.abc.Iterable[cyclonedx.model.bom_ref.BomRef] | None = None)
Our internal representation of the identityType complex type.
Note
See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.7/json/#components_items_evidence_identity
- property field: IdentityField
- property confidence: decimal.Decimal | None
The overall confidence of the evidence from 0 - 1, where 1 is 100% confidence.
- property concluded_value: str | None
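An added example, not part of the cyclonedx library or its documentation: a standard-library check of an `evidence.identity` array in the JSON form described by the schema pages linked above, using the `IdentityField` and `AnalysisTechnique` values and the 0 to 1 confidence range of `Method` and `Identity`. The `WEAK_ALONE` policy, the finding strings and the sample data are assumptions made for illustration.

```python
import json
from decimal import Decimal

# Permissible values, copied from the IdentityField and AnalysisTechnique enums above.
FIELDS = {"group", "name", "version", "purl", "cpe", "omniborId", "swhid", "swid", "hash"}
TECHNIQUES = {"source-code-analysis", "binary-analysis", "manifest-analysis",
              "ast-fingerprint", "hash-comparison", "instrumentation",
              "dynamic-analysis", "filename", "attestation", "other"}
WEAK_ALONE = {"filename", "other"}  # assumption: local review policy, not from the schema

def in_range(conf):
    """True when conf is a number inside the documented 0..1 confidence range."""
    return isinstance(conf, (int, float, Decimal)) and not isinstance(conf, bool) and 0 <= conf <= 1

def audit_identity(identity):
    """Return findings for one evidence.identity entry (a parsed JSON object)."""
    findings, usable = [], []
    if identity.get("field") not in FIELDS:
        findings.append("unknown field")
    overall = identity.get("confidence")  # optional on Identity
    if overall is not None and not in_range(overall):
        findings.append("identity confidence out of range")
    for method in identity.get("methods", []):
        if method.get("technique") not in TECHNIQUES:
            findings.append("unknown technique")
        elif not in_range(method.get("confidence")):  # required on Method
            findings.append("method confidence out of range")
        else:
            usable.append(method)
    if not usable:
        findings.append("no usable method backs this identity")
        return findings
    if all(m["technique"] in WEAK_ALONE for m in usable):
        findings.append("rests only on weak techniques")
    if in_range(overall) and overall > max(m["confidence"] for m in usable):
        findings.append("overall confidence exceeds every method")
    return findings

# Constructed sample: the evidence.identity array of one component.
SAMPLE = json.loads("""[
  {"field": "purl", "confidence": 0.9, "concludedValue": "pkg:pypi/example@1.0.0",
   "methods": [{"technique": "manifest-analysis", "confidence": 0.9, "value": "requirements.txt"},
               {"technique": "hash-comparison", "confidence": 1}]},
  {"field": "version", "confidence": 0.8, "concludedValue": "1.0.0",
   "methods": [{"technique": "filename", "confidence": 0.3, "value": "example-1.0.0.tar.gz"}]},
  {"field": "name", "confidence": 1.2, "methods": [{"technique": "guess", "confidence": 0.5}]}
]""", parse_float=Decimal)

REPORT = {entry["field"]: audit_identity(entry) for entry in SAMPLE}
```

An empty list in `REPORT` means the identity claim is backed by at least one in-range method that is not weak on its own under the assumed policy.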
- class cyclonedx.model.component_evidence.Occurrence(*, bom_ref: str | cyclonedx.model.bom_ref.BomRef | None = None, location: str, line: int | None = None, offset: int | None = None, symbol: str | None = None, additional_context: str | None = None)
Our internal representation of the occurrenceType complex type.
Note
See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.7/json/#components_items_evidence_occurrences
- property location: str
Location can be a file path, URL, or a unique identifier from a component discovery tool.
- property line: int | None
The line number in the file where the dependency or reference was detected.
- property offset: int | None
The offset location within the file where the dependency or reference was detected.
- property symbol: str | None
Programming language symbol or import name.
- property additional_context: str | None
Additional context about the occurrence of the component.
- property bom_ref: cyclonedx.model.bom_ref.BomRef
An optional identifier which can be used to reference the requirement elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.
- Returns:
BomRef
- class cyclonedx.model.component_evidence.CallStackFrame(*, module: str, package: str | None = None, function: str | None = None, parameters: collections.abc.Iterable[str] | None = None, line: int | None = None, column: int | None = None, full_filename: str | None = None)
Represents an individual frame in a call stack.
Note
See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.7/json/#components_items_evidence_callstack
- property package: str | None
The package name.
- property module: str
The module name.
- property function: str | None
The function name.
- property parameters: SortedSet[str]
Function parameters.
- property line: int | None
The line number.
- property column: int | None
The column number.
- property full_filename: str | None
The full file path.
- class cyclonedx.model.component_evidence.CallStack(*, frames: collections.abc.Iterable[CallStackFrame] | None = None)
Our internal representation of the callStackType complex type. Contains an array of stack frames describing a call stack from when a component was identified.
Note
See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.7/json/#components_items_evidence_callstack
- property frames: List[CallStackFrame]
Array of stack frames.
- class cyclonedx.model.component_evidence.ComponentEvidence(*, identity: collections.abc.Iterable[Identity] | Identity | None = None, occurrences: collections.abc.Iterable[Occurrence] | None = None, callstack: CallStack | None = None, licenses: collections.abc.Iterable[cyclonedx.model.license.License] | None = None, copyright: collections.abc.Iterable[cyclonedx.model.Copyright] | None = None)
Our internal representation of the componentEvidenceType complex type.
Provides the ability to document evidence collected through various forms of extraction or analysis.
Note
See the CycloneDX Schema definition: https://cyclonedx.org/docs/1.7/xml/#type_componentEvidenceType
- property identity: SortedSet[Identity]
Provides a way to identify components via various methods. Returns SortedSet of identities.
- property occurrences: SortedSet[Occurrence]
A list of locations where evidence was obtained from.
- property callstack: CallStack | None
A representation of a call stack from when the component was identified.
- property licenses: cyclonedx.model.license.LicenseRepository
Optional list of licenses obtained during analysis.
- Returns:
Set of LicenseChoice